Vulnerability-Lookup

	Vendor	Product	Version
	Apache Software Foundation	Apache Log4j2	Affected: 2.0-beta9 , < log4j-core* (custom)

Cwes	CWE-20 CWE-400 CWE-502
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Log4j2
Due Date	2021-12-24
Date Added	2021-12-10
Vendorproject	Apache
Vulnerabilityname	Apache Log4j2 Remote Code Execution Vulnerability
Knownransomwarecampaignuse	Known

CNVD-2021-100238

Vulnerability from cnvd - Published: 2021-12-15

Title

Apache Log4j代码问题漏洞

Description

Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4J存在代码问题漏洞，攻击者可利用该漏洞设计一个数据请求发送给使用 Apache Log4j工具的服务器，当该请求被打印成日志时就会触发远程代码执行。

Severity

高

Patch Name

Apache Log4j代码问题漏洞的补丁

Patch Description

Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4J存在代码问题漏洞，攻击者可利用该漏洞设计一个数据请求发送给使用 Apache Log4j工具的服务器，当该请求被打印成日志时就会触发远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://logging.apache.org/log4j/2.x/security.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Impacted products

Name
['Apache Log4j >=2.0.1，<2.15.0', 'Apache Log4j 2.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-44228"
    }
  },
  "description": "Apache Log4j\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eJava\u7684\u5f00\u6e90\u65e5\u5fd7\u8bb0\u5f55\u5de5\u5177\u3002\n\nApache Log4J\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbe\u8ba1\u4e00\u4e2a\u6570\u636e\u8bf7\u6c42\u53d1\u9001\u7ed9\u4f7f\u7528 Apache Log4j\u5de5\u5177\u7684\u670d\u52a1\u5668\uff0c\u5f53\u8be5\u8bf7\u6c42\u88ab\u6253\u5370\u6210\u65e5\u5fd7\u65f6\u5c31\u4f1a\u89e6\u53d1\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://logging.apache.org/log4j/2.x/security.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-100238",
  "openTime": "2021-12-15",
  "patchDescription": "Apache Log4j\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eJava\u7684\u5f00\u6e90\u65e5\u5fd7\u8bb0\u5f55\u5de5\u5177\u3002\r\n\r\nApache Log4J\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbe\u8ba1\u4e00\u4e2a\u6570\u636e\u8bf7\u6c42\u53d1\u9001\u7ed9\u4f7f\u7528 Apache Log4j\u5de5\u5177\u7684\u670d\u52a1\u5668\uff0c\u5f53\u8be5\u8bf7\u6c42\u88ab\u6253\u5370\u6210\u65e5\u5fd7\u65f6\u5c31\u4f1a\u89e6\u53d1\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Log4j\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Log4j \u003e=2.0.1\uff0c\u003c2.15.0",
      "Apache Log4j 2.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
  "serverity": "\u9ad8",
  "submitTime": "2021-12-14",
  "title": "Apache Log4j\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

BDU:2021-05969

Vulnerability from fstec - Published: 10.12.2021

Title

Уязвимость компонента JNDI библиотеки журналирования Java-программ Apache Log4j2, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость компонента JNDI библиотеки журналирования Java-программ Apache Log4j2 связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vendor

Cisco Systems Inc., Сообщество свободного программного обеспечения, Siemens AG, Red Hat Inc., ООО «Ред Софт», NetApp Inc., Microsoft Corp, АО «Концерн ВНИИНС», SonicWall, Juniper Networks Inc., Dell Technologies, Apache Software Foundation, АО "НППКТ", ООО «Юбитех»

Software Name

Cisco Identity Services Engine, Debian GNU/Linux, Cisco Registered Envelope Service, Cisco Umbrella, LOGO! Soft Comfort, Cisco Evolved Programmable Network Manager, OpenShift Container Platform, Jboss Fuse, РЕД ОС (запись в едином реестре российских программ №3751), Oncommand Insight, OpenShift Application Runtimes, Red Hat Descision Manager, JBoss A-MQ Streaming, Cisco Webex Meetings, Red Hat OpenStack Platform, JBoss EAP, CodeReady Studio, A-MQ Clients, Data Grid, Cisco DNA Center, Azure Spring Cloud, Red Hat build of Quarkus, Red Hat Integration Camel K, UCS Director, Red Hat Integration Camel Quarkus, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), Email Security, Cisco Advanced Web Security Reporting Application, Cisco CloudCenter Suite Admin, Crosswork Change Automation, Integrated Management Controller (IMC) Supervisor, Intersight Virtual Appliance, Network Services Orchestrator, Cisco Nexus Dashboard, Cisco WAN Automation Engine (WAE), Catalyst SD-WAN Manager, Cisco BroadCloud, Cisco Computer Telephony Integration Object Server (CTIOS), Enterprise Chat and Email, Cisco Packaged Contact Center Enterprise, Cisco Unified Contact Center Enterprise, Cisco Unified SIP Proxy Software, Video Surveillance Manager, Cisco Kinetic for Cities, Cisco Unified Communications Manager Cloud, Cisco Webex Cloud-Connected UC (CCUC), Cisco Managed Services Accelerator, Cisco ThousandEyes Recorder, OpenShift Logging, Red Hat JBoss Enterprise Application Platform Expansion Pack, Cloud Manager, ONTAP Tools for VMware vSphere, SnapCenter Plug-in, Brocade SAN Navigator (SANnav), Networks NorthStar Controller Application, Juniper Networks Paragon Insights, Juniper Networks Paragon Pathfinder, Juniper Networks Paragon Planner, Capital, Comos Desktop App, Desigo CC Advanced Reporting, Desigo CC Info Center, E-Car OC Cloud Application, EnergyIP Prepay, GMA-Manager, HES UDIS, Industrial Edge Management App (IEM-App), Industrial Edge Management OS (IEM-OS), Industrial Edge Manangement Hub, Mendix Applications, Mindsphere Cloud Application, Siemens NX, Opcenter Intelligence, Operation Scheduler, SIGUARD DSA, SIMATIC WinCC, Siveillance Command, Siveillance Control Pro, Siveillance Identity, Siveillance Vantage, Solid Edge Wiring Harness Design, Spectrum Power 4, Teamcenter Suite, VeSys, Xpedition EDM Client, Xpedition EDM Server, Xpedition Package Integrator, EMC Connectrix SANnav, Enterprise Hybrid Cloud, EMC Enterprise Storage Analytics for vRealize Operations, Storage Analytics for vRealize Operations, VxRail, Wyse Management Suite, Log4j, Azure Application Insights Java SDK, Azure Data Lake Store Java tool, Azure Data Lake Store Java client SDK, Azure DevOps Server, Azure DevOps, Team Foundation Server, SQL Server 2019 Big Data Clusters, Azure VMware Solution, Azure Databricks, Azure Arc-enabled Data Services, Minecraft Java Edition, Defender for IoT, Events Hub Extension, Cosmos DB Kafka Connector, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), UBLinux (запись в едином реестре российских программ №6874)

Software Version

. (Cisco Identity Services Engine), 9 (Debian GNU/Linux), - (Cisco Registered Envelope Service), - (Cisco Umbrella), - (LOGO! Soft Comfort), - (Cisco Evolved Programmable Network Manager), 3.11 (OpenShift Container Platform), 7 (Jboss Fuse), 10 (Debian GNU/Linux), 7.2 Муром (РЕД ОС), - (Oncommand Insight), - (OpenShift Application Runtimes), 7 (Red Hat Descision Manager), - (JBoss A-MQ Streaming), - (Cisco Webex Meetings), 13.0 (Queens) (Red Hat OpenStack Platform), 4 (OpenShift Container Platform), 7 (JBoss EAP), 12 (CodeReady Studio), 2 (A-MQ Clients), 8 (Data Grid), - (Cisco DNA Center), - (Azure Spring Cloud), - (Red Hat build of Quarkus), - (Red Hat Integration Camel K), - (UCS Director), - (Red Hat Integration Camel Quarkus), 1.0 (ОС ОН «Стрелец»), 11 (Debian GNU/Linux), - (Email Security), - (Cisco Advanced Web Security Reporting Application), - (Cisco CloudCenter Suite Admin), - (Crosswork Change Automation), - (Integrated Management Controller (IMC) Supervisor), - (Intersight Virtual Appliance), - (Network Services Orchestrator), до 2.1.2 (Cisco Nexus Dashboard), - (Cisco WAN Automation Engine (WAE)), - (Catalyst SD-WAN Manager), - (Cisco BroadCloud), - (Cisco Computer Telephony Integration Object Server (CTIOS)), - (Enterprise Chat and Email), - (Cisco Packaged Contact Center Enterprise), - (Cisco Unified Contact Center Enterprise), - (Cisco Unified SIP Proxy Software), - (Video Surveillance Manager), - (Cisco Kinetic for Cities), - (Cisco Unified Communications Manager Cloud), - (Cisco Webex Cloud-Connected UC (CCUC)), - (Cisco Managed Services Accelerator), - (Cisco ThousandEyes Recorder), - (OpenShift Logging), - (Red Hat JBoss Enterprise Application Platform Expansion Pack), - (Cloud Manager), - (ONTAP Tools for VMware vSphere), - (SnapCenter Plug-in), - (Brocade SAN Navigator (SANnav)), - (Networks NorthStar Controller Application), - (Juniper Networks Paragon Insights), - (Juniper Networks Paragon Pathfinder), - (Juniper Networks Paragon Planner), до 2019.1 SP1912 включительно (Capital), - (Comos Desktop App), 4.0 (Desigo CC Advanced Reporting), 4.1 (Desigo CC Advanced Reporting), 4.2 (Desigo CC Advanced Reporting), 5.0 (Desigo CC Advanced Reporting), 5.1 (Desigo CC Advanced Reporting), 5.0 (Desigo CC Info Center), 5.1 (Desigo CC Info Center), до 2021-12-13 (E-Car OC Cloud Application), 3.7 (EnergyIP Prepay), 3.8 (EnergyIP Prepay), до 8.6.2j-398 (GMA-Manager), - (HES UDIS), - (Industrial Edge Management App (IEM-App)), - (Industrial Edge Management OS (IEM-OS)), - (Industrial Edge Manangement Hub), - (Mendix Applications), до 2021-12-11 (Mindsphere Cloud Application), - (Siemens NX), до 3.2 (Opcenter Intelligence), до 1.1.3 включительно (Operation Scheduler), 4.2 (SIGUARD DSA), 4.3 (SIGUARD DSA), 4.4 (SIGUARD DSA), до 7.4 SP1 (SIMATIC WinCC), до 4.16.2.1 включительно (Siveillance Command), - (Siveillance Control Pro), - (Siveillance Identity), - (Siveillance Vantage), до 2020 SP2002 включительно (Solid Edge Wiring Harness Design), - (Spectrum Power 4), - (Teamcenter Suite), до 2019.1 SP1912 включительно (VeSys), от VX.2.6 до VX.2.10 включительно (Xpedition EDM Client), от VX.2.6 до VX.2.10 включительно (Xpedition EDM Server), от X.2.6 до X.2.10 включительно (Xpedition Package Integrator), 2.1.1 (EMC Connectrix SANnav), 4.1.2 (Enterprise Hybrid Cloud), до 6.3.0 (EMC Enterprise Storage Analytics for vRealize Operations), до 6.3.0 (Storage Analytics for vRealize Operations), - (VxRail), до 3.5.1 (Wyse Management Suite), до 2.3.1 (Log4j), до 2.12.3 (Log4j), до 2.17.0 (Log4j), - (Azure Application Insights Java SDK), - (Azure Data Lake Store Java tool), - (Azure Data Lake Store Java client SDK), - (Azure DevOps Server), - (Azure DevOps), - (Team Foundation Server), - (SQL Server 2019 Big Data Clusters), - (Azure VMware Solution), - (Azure Databricks), - (Azure Arc-enabled Data Services), - (Minecraft Java Edition), - (Defender for IoT), - (Events Hub Extension), - (Cosmos DB Kafka Connector), до 2.4.2 (ОСОН ОСнова Оnyx), до 2204 (UBLinux), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Apache Log4j2: https://logging.apache.org/log4j/2.x/security.html Для программных продуктов Cisco Systems Inc.: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2021-44228 Для программных продуктов SonicWall: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-44228 Для программных продуктов NetApp Inc.: https://security.netapp.com/advisory/ntap-20211210-0007/ Для программных продуктов Juniper Networks Inc.: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259&cat=SIRT_1&actp=LIST Для программных продуктов Siemens AG: https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf Для программных продуктов Dell Inc.: https://www.dell.com/support/kbdoc/ru-ru/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability Для РедОС: http://repo.red-soft.ru/redos/7.2c/x86_64/updates/ Для программных продуктов Microsoft Corp.: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-44228 Для UBLinux: https://security.ublinux.ru/AVG-45 Для ОС ОН «Стрелец»: https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie Для ОСОН Основа: Обновление программного обеспечения apache-log4j2 до версии 2.17.0+repack-1~deb10u1.osnova1 Для ОС ОН «Стрелец»: Обновление программного обеспечения apache-log4j2 до версии 2.12.4-0+deb9u1

Reference

https://access.redhat.com/security/cve/CVE-2021-44228 https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259&cat=SIRT_1&actp=LIST https://logging.apache.org/log4j/2.x/security.html https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 https://redos.red-soft.ru/updatesec/ https://security.ublinux.ru/AVG-45 https://security.netapp.com/advisory/ntap-20211210-0007/ https://security-tracker.debian.org/tracker/CVE-2021-44228 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#26012022 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd https://www.dell.com/support/kbdoc/ru-ru/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability https://www.securitylab.ru/news/527397.php https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.2/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-20, CWE-400, CWE-502

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Siemens AG, Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, NetApp Inc., Microsoft Corp, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, SonicWall, Juniper Networks Inc., Dell Technologies, Apache Software Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u041e\u041e\u041e \u00ab\u042e\u0431\u0438\u0442\u0435\u0445\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": ". (Cisco Identity Services Engine), 9 (Debian GNU/Linux), - (Cisco Registered Envelope Service), - (Cisco Umbrella), - (LOGO! Soft Comfort), - (Cisco Evolved Programmable Network Manager), 3.11 (OpenShift Container Platform), 7 (Jboss Fuse), 10 (Debian GNU/Linux), 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), - (Oncommand Insight), - (OpenShift Application Runtimes), 7 (Red Hat Descision Manager), - (JBoss A-MQ Streaming), - (Cisco Webex Meetings), 13.0 (Queens) (Red Hat OpenStack Platform), 4 (OpenShift Container Platform), 7 (JBoss EAP), 12 (CodeReady Studio), 2 (A-MQ Clients), 8 (Data Grid), - (Cisco DNA Center), - (Azure Spring Cloud), - (Red Hat build of Quarkus), - (Red Hat Integration Camel K), - (UCS Director), - (Red Hat Integration Camel Quarkus), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 11 (Debian GNU/Linux), - (Email Security), - (Cisco Advanced Web Security Reporting Application), - (Cisco CloudCenter Suite Admin), - (Crosswork Change Automation), - (Integrated Management Controller (IMC) Supervisor), - (Intersight Virtual Appliance), - (Network Services Orchestrator), \u0434\u043e 2.1.2 (Cisco Nexus Dashboard), - (Cisco WAN Automation Engine (WAE)), - (Catalyst SD-WAN Manager), - (Cisco BroadCloud), - (Cisco Computer Telephony Integration Object Server (CTIOS)), - (Enterprise Chat and Email), - (Cisco Packaged Contact Center Enterprise), - (Cisco Unified Contact Center Enterprise), - (Cisco Unified SIP Proxy Software), - (Video Surveillance Manager), - (Cisco Kinetic for Cities), - (Cisco Unified Communications Manager Cloud), - (Cisco Webex Cloud-Connected UC (CCUC)), - (Cisco Managed Services Accelerator), - (Cisco ThousandEyes Recorder), - (OpenShift Logging), - (Red Hat JBoss Enterprise Application Platform Expansion Pack), - (Cloud Manager), - (ONTAP Tools for VMware vSphere), - (SnapCenter Plug-in), - (Brocade SAN Navigator (SANnav)), - (Networks NorthStar Controller Application), - (Juniper Networks Paragon Insights), - (Juniper Networks Paragon Pathfinder), - (Juniper Networks Paragon Planner), \u0434\u043e 2019.1 SP1912 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Capital), - (Comos Desktop App), 4.0 (Desigo CC Advanced Reporting), 4.1 (Desigo CC Advanced Reporting), 4.2 (Desigo CC Advanced Reporting), 5.0 (Desigo CC Advanced Reporting), 5.1 (Desigo CC Advanced Reporting), 5.0 (Desigo CC Info Center), 5.1 (Desigo CC Info Center), \u0434\u043e 2021-12-13 (E-Car OC Cloud Application), 3.7 (EnergyIP Prepay), 3.8 (EnergyIP Prepay), \u0434\u043e 8.6.2j-398 (GMA-Manager), - (HES UDIS), - (Industrial Edge Management App (IEM-App)), - (Industrial Edge Management OS (IEM-OS)), - (Industrial Edge Manangement Hub), - (Mendix Applications), \u0434\u043e 2021-12-11 (Mindsphere Cloud Application), - (Siemens NX), \u0434\u043e 3.2 (Opcenter Intelligence), \u0434\u043e 1.1.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Operation Scheduler), 4.2 (SIGUARD DSA), 4.3 (SIGUARD DSA), 4.4 (SIGUARD DSA), \u0434\u043e 7.4 SP1 (SIMATIC WinCC), \u0434\u043e 4.16.2.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Siveillance Command), - (Siveillance Control Pro), - (Siveillance Identity), - (Siveillance Vantage), \u0434\u043e 2020 SP2002 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Solid Edge Wiring Harness Design), - (Spectrum Power 4), - (Teamcenter Suite), \u0434\u043e 2019.1 SP1912 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (VeSys), \u043e\u0442 VX.2.6 \u0434\u043e VX.2.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Xpedition EDM Client), \u043e\u0442 VX.2.6 \u0434\u043e VX.2.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Xpedition EDM Server), \u043e\u0442 X.2.6 \u0434\u043e X.2.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Xpedition Package Integrator), 2.1.1 (EMC Connectrix SANnav), 4.1.2 (Enterprise Hybrid Cloud), \u0434\u043e 6.3.0 (EMC Enterprise Storage Analytics for vRealize Operations), \u0434\u043e 6.3.0 (Storage Analytics for vRealize Operations), - (VxRail), \u0434\u043e 3.5.1 (Wyse Management Suite), \u0434\u043e 2.3.1 (Log4j), \u0434\u043e 2.12.3 (Log4j), \u0434\u043e 2.17.0 (Log4j), - (Azure Application Insights Java SDK), - (Azure Data Lake Store Java tool), - (Azure Data Lake Store Java client SDK), - (Azure DevOps Server), - (Azure DevOps), - (Team Foundation Server), - (SQL Server 2019 Big Data Clusters), - (Azure VMware Solution), - (Azure Databricks), - (Azure Arc-enabled Data Services), - (Minecraft Java Edition), - (Defender for IoT), - (Events Hub Extension), - (Cosmos DB Kafka Connector), \u0434\u043e 2.4.2 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2204 (UBLinux), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache Log4j2:\nhttps://logging.apache.org/log4j/2.x/security.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Cisco Systems Inc.:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2021-44228\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 SonicWall:\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-44228\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 NetApp Inc.:\nhttps://security.netapp.com/advisory/ntap-20211210-0007/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Juniper Networks Inc.:\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11259\u0026cat=SIRT_1\u0026actp=LIST\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Siemens AG:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Dell Inc.:\nhttps://www.dell.com/support/kbdoc/ru-ru/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.2c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-44228\n\n\u0414\u043b\u044f UBLinux:\nhttps://security.ublinux.ru/AVG-45\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache-log4j2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.17.0+repack-1~deb10u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache-log4j2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.12.4-0+deb9u1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.12.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.12.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-05969",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-44228",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco Identity Services Engine, Debian GNU/Linux, Cisco Registered Envelope Service, Cisco Umbrella, LOGO! Soft Comfort, Cisco Evolved Programmable Network Manager, OpenShift Container Platform, Jboss Fuse, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Oncommand Insight, OpenShift Application Runtimes, Red Hat Descision Manager, JBoss A-MQ Streaming, Cisco Webex Meetings, Red Hat OpenStack Platform, JBoss EAP, CodeReady Studio, A-MQ Clients, Data Grid, Cisco DNA Center, Azure Spring Cloud, Red Hat build of Quarkus, Red Hat Integration Camel K, UCS Director, Red Hat Integration Camel Quarkus, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), Email Security, Cisco Advanced Web Security Reporting Application, Cisco CloudCenter Suite Admin, Crosswork Change Automation, Integrated Management Controller (IMC) Supervisor, Intersight Virtual Appliance, Network Services Orchestrator, Cisco Nexus Dashboard, Cisco WAN Automation Engine (WAE), Catalyst SD-WAN Manager, Cisco BroadCloud, Cisco Computer Telephony Integration Object Server (CTIOS), Enterprise Chat and Email, Cisco Packaged Contact Center Enterprise, Cisco Unified Contact Center Enterprise, Cisco Unified SIP Proxy Software, Video Surveillance Manager, Cisco Kinetic for Cities, Cisco Unified Communications Manager Cloud, Cisco Webex Cloud-Connected UC (CCUC), Cisco Managed Services Accelerator, Cisco ThousandEyes Recorder, OpenShift Logging, Red Hat JBoss Enterprise Application Platform Expansion Pack, Cloud Manager, ONTAP Tools for VMware vSphere, SnapCenter Plug-in, Brocade SAN Navigator (SANnav), Networks NorthStar Controller Application, Juniper Networks Paragon Insights, Juniper Networks Paragon Pathfinder, Juniper Networks Paragon Planner, Capital, Comos Desktop App, Desigo CC Advanced Reporting, Desigo CC Info Center, E-Car OC Cloud Application, EnergyIP Prepay, GMA-Manager, HES UDIS, Industrial Edge Management App (IEM-App), Industrial Edge Management OS (IEM-OS), Industrial Edge Manangement Hub, Mendix Applications, Mindsphere Cloud Application, Siemens NX, Opcenter Intelligence, Operation Scheduler, SIGUARD DSA, SIMATIC WinCC, Siveillance Command, Siveillance Control Pro, Siveillance Identity, Siveillance Vantage, Solid Edge Wiring Harness Design, Spectrum Power 4, Teamcenter Suite, VeSys, Xpedition EDM Client, Xpedition EDM Server, Xpedition Package Integrator, EMC Connectrix SANnav, Enterprise Hybrid Cloud, EMC Enterprise Storage Analytics for vRealize Operations, Storage Analytics for vRealize Operations, VxRail, Wyse Management Suite, Log4j, Azure Application Insights Java SDK, Azure Data Lake Store Java tool, Azure Data Lake Store Java client SDK, Azure DevOps Server, Azure DevOps, Team Foundation Server, SQL Server 2019 Big Data Clusters, Azure VMware Solution, Azure Databricks, Azure Arc-enabled Data Services, Minecraft Java Edition, Defender for IoT, Events Hub Extension, Cosmos DB Kafka Connector, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), UBLinux (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166874)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.2 \u041c\u0443\u0440\u043e\u043c  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.4.2  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u041e\u041e \u00ab\u042e\u0431\u0438\u0442\u0435\u0445\u00bb UBLinux \u0434\u043e 2204  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166874), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 JNDI \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0436\u0443\u0440\u043d\u0430\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Java-\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Apache Log4j2, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400), \u0412\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-502)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 JNDI \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0436\u0443\u0440\u043d\u0430\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Java-\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Apache Log4j2 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Log4Shell",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/CVE-2021-44228\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf\nhttps://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11259\u0026cat=SIRT_1\u0026actp=LIST\nhttps://logging.apache.org/log4j/2.x/security.html\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\nhttps://redos.red-soft.ru/updatesec/\nhttps://security.ublinux.ru/AVG-45\nhttps://security.netapp.com/advisory/ntap-20211210-0007/\nhttps://security-tracker.debian.org/tracker/CVE-2021-44228\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#26012022\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\nhttps://www.dell.com/support/kbdoc/ru-ru/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability\nhttps://www.securitylab.ru/news/527397.php\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.2/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-400, CWE-502",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}

CERTFR-2022-AVI-125

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49
SAP	N/A	SAP Business Objects Web Intelligence (BI Launchpad) version 420
SAP	N/A	SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106
SAP	N/A	SAP Content Server version 7.53
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9.0
SAP	N/A	SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87
SAP	N/A	SAP NetWeaver and ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49
SAP	N/A	SAP Solution Manager (Diagnostics Root Cause Analysis Tools) version 720
SAP	N/A	SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106
SAP	N/A	SAP Business Client version 6.5
SAP	N/A	SAP Commerce versions 1905, 2005, 2105 et 2011
SAP	N/A	SAP Adaptive Server Enterprise version 16.0
SAP	N/A	SAP Data Intelligence version 3
SAP	N/A	SAP NetWeaver AS ABAP (Workplace Server) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 787
SAP	N/A	Internet of Things Edge Platform version 4.0
SAP	N/A	SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53
SAP	N/A	SAP NetWeaver (ABAP and Java application Servers) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 756
SAP	N/A	SAP Dynamic Authorization Management version 9.1.0.0 et 2021.03
SAP	N/A	SAP ERP HCM (Portugal) versions 600, 604 et 608
SAP	N/A	SAP Customer Checkout version 2

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 09 février 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Web Intelligence (BI Launchpad) version 420",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Content Server version 7.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver and ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Diagnostics Root Cause Analysis Tools) version 720",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Client version 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 1905, 2005, 2105 et 2011",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Adaptive Server Enterprise version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Data Intelligence version 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (Workplace Server) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 787",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Internet of Things Edge Platform version 4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP and Java application Servers) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 756",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Dynamic Authorization Management version 9.1.0.0 et 2021.03",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP ERP HCM (Portugal) versions 600, 604 et 608",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Customer Checkout version 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22544"
    },
    {
      "name": "CVE-2022-22531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22531"
    },
    {
      "name": "CVE-2022-22543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22543"
    },
    {
      "name": "CVE-2022-22535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22535"
    },
    {
      "name": "CVE-2022-22536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22536"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2022-22528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22528"
    },
    {
      "name": "CVE-2022-22539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22539"
    },
    {
      "name": "CVE-2022-22532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22532"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2022-22530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22530"
    },
    {
      "name": "CVE-2022-22546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22546"
    },
    {
      "name": "CVE-2022-22538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22538"
    },
    {
      "name": "CVE-2022-22540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22540"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2022-22537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22537"
    },
    {
      "name": "CVE-2022-22542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22542"
    },
    {
      "name": "CVE-2022-22534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22534"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-125",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 09 f\u00e9vrier 2022",
      "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022"
    }
  ]
}

CERTFR-2021-AVI-951

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat	N/A	Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64
SolarWinds	Platform	Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
Red Hat	N/A	Red Hat Integration Text-Only Advisories x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
Red Hat	N/A	Red Hat Openshift Application Runtimes Text-Only Advisories x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
Red Hat	N/A	Red Hat Integration - Camel K 1 x86_64
SolarWinds	Platform	Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat	N/A	Red Hat Fuse 1 x86_64
SolarWinds	Platform	Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
Red Hat	N/A	Red Hat JBoss Data Grid Text-Only Advisories x86_64

References

Title

Publication Time

Tags

Bulletin de sécurité RedHat RHSA-2021:5130 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHBA-2021:5114 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5138 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5132 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5126 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5134 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5133 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5108 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5093 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5101 du 14 décembre 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux Server - AUS 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - TUS 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le",
      "product": {
        "name": "Platform",
        "vendor": {
          "name": "SolarWinds",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Integration Text-Only Advisories x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Openshift Application Runtimes Text-Only Advisories x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Integration - Camel K 1 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64",
      "product": {
        "name": "Platform",
        "vendor": {
          "name": "SolarWinds",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Fuse 1 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x",
      "product": {
        "name": "Platform",
        "vendor": {
          "name": "SolarWinds",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat JBoss Data Grid Text-Only Advisories x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
    },
    {
      "name": "CVE-2020-27218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
    },
    {
      "name": "CVE-2021-21343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2021-21409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
    },
    {
      "name": "CVE-2021-22118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22118"
    },
    {
      "name": "CVE-2020-2875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
    },
    {
      "name": "CVE-2021-3536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3536"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2021-21348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
    },
    {
      "name": "CVE-2020-11988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11988"
    },
    {
      "name": "CVE-2020-35510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35510"
    },
    {
      "name": "CVE-2021-45606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45606"
    },
    {
      "name": "CVE-2020-2934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
    },
    {
      "name": "CVE-2021-21344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
    },
    {
      "name": "CVE-2020-26259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
    },
    {
      "name": "CVE-2021-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3597"
    },
    {
      "name": "CVE-2021-28170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28170"
    },
    {
      "name": "CVE-2021-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
    },
    {
      "name": "CVE-2020-13949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2021-3690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
    },
    {
      "name": "CVE-2020-17521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
    },
    {
      "name": "CVE-2021-22696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
    },
    {
      "name": "CVE-2021-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2020-9488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
    },
    {
      "name": "CVE-2021-21347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
    },
    {
      "name": "CVE-2021-27568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
    },
    {
      "name": "CVE-2020-26217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
    },
    {
      "name": "CVE-2021-37136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
    },
    {
      "name": "CVE-2021-23926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
    },
    {
      "name": "CVE-2019-10744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2021-21346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
    },
    {
      "name": "CVE-2021-30468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
    },
    {
      "name": "CVE-2021-21351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
    },
    {
      "name": "CVE-2021-21345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
    },
    {
      "name": "CVE-2020-28491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2021-37714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
    },
    {
      "name": "CVE-2019-12415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
    },
    {
      "name": "CVE-2021-20218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20218"
    },
    {
      "name": "CVE-2020-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27782"
    },
    {
      "name": "CVE-2021-30129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
    },
    {
      "name": "CVE-2020-17527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
    },
    {
      "name": "CVE-2021-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2020-13943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13943"
    },
    {
      "name": "CVE-2020-15522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
    },
    {
      "name": "CVE-2021-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
    },
    {
      "name": "CVE-2020-11987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11987"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2021-21342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
    },
    {
      "name": "CVE-2021-3629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3629"
    },
    {
      "name": "CVE-2021-21350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5101 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHBA-2021:5101"
    }
  ],
  "reference": "CERTFR-2021-AVI-951",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRedHat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5130 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5130"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHBA-2021:5114 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHBA-2021:5114"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5138 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5138"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5132 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5132"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5126 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5126"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5134 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5134"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5133 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5133"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5108 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5108"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5093 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5093"
    }
  ]
}

CERTFR-2022-AVI-526

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.7 sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 versions 10.5.x antérieures à 10.5 FP11
IBM	Db2	IBM Db2 versions 11.1.x antérieures à 11.1.4 FP6
IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.6 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6528672 du 06 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6528678 du 07 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6526462 du 06 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.7 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 10.5.x ant\u00e9rieures \u00e0 10.5 FP11",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP6",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.6 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-526",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6528672 du 06 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6528672"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6528678 du 07 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6528678"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6526462 du 06 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6526462"
    }
  ]
}

CERTFR-2022-AVI-568

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113
IBM	N/A	IBM Disconnected Log Collector versions 1.x antérieures à 1.7.3
IBM	N/A	IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x antérieures à 10.0.0.2
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix
IBM	N/A	IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x antérieures à 4.0.0.2
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix

References

Title

Publication Time

Tags

Bulletin de sécurité les produits IBM 6595755 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595739 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595965 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595721 du 16 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Disconnected Log Collector versions 1.x ant\u00e9rieures \u00e0 1.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x ant\u00e9rieures \u00e0 4.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2022-22965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
    },
    {
      "name": "CVE-2012-5886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2016-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
    },
    {
      "name": "CVE-2016-8735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
    },
    {
      "name": "CVE-2020-8022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
    },
    {
      "name": "CVE-2013-4286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2012-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2013-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2019-17195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2014-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2016-0706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2016-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
    },
    {
      "name": "CVE-2012-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2014-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2013-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2016-6794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2015-5174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
    },
    {
      "name": "CVE-2021-27568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
    },
    {
      "name": "CVE-2013-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
    },
    {
      "name": "CVE-2021-33813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2021-38153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
    },
    {
      "name": "CVE-2016-6816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
    },
    {
      "name": "CVE-2018-17196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2012-3546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2016-5018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2019-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2013-4322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2012-4534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2014-7810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2016-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2014-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2013-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4444"
    },
    {
      "name": "CVE-2012-3544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
    },
    {
      "name": "CVE-2012-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2017-5647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2015-5345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2016-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2012-2733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-6796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-568",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595755 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595755"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595739 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595739"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595965 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595965"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595721 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595721"
    }
  ]
}

CERTFR-2022-AVI-125

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49
SAP	N/A	SAP Business Objects Web Intelligence (BI Launchpad) version 420
SAP	N/A	SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106
SAP	N/A	SAP Content Server version 7.53
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9.0
SAP	N/A	SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87
SAP	N/A	SAP NetWeaver and ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49
SAP	N/A	SAP Solution Manager (Diagnostics Root Cause Analysis Tools) version 720
SAP	N/A	SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106
SAP	N/A	SAP Business Client version 6.5
SAP	N/A	SAP Commerce versions 1905, 2005, 2105 et 2011
SAP	N/A	SAP Adaptive Server Enterprise version 16.0
SAP	N/A	SAP Data Intelligence version 3
SAP	N/A	SAP NetWeaver AS ABAP (Workplace Server) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 787
SAP	N/A	Internet of Things Edge Platform version 4.0
SAP	N/A	SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53
SAP	N/A	SAP NetWeaver (ABAP and Java application Servers) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 756
SAP	N/A	SAP Dynamic Authorization Management version 9.1.0.0 et 2021.03
SAP	N/A	SAP ERP HCM (Portugal) versions 600, 604 et 608
SAP	N/A	SAP Customer Checkout version 2

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 09 février 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Web Intelligence (BI Launchpad) version 420",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Content Server version 7.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver and ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Diagnostics Root Cause Analysis Tools) version 720",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Client version 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 1905, 2005, 2105 et 2011",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Adaptive Server Enterprise version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Data Intelligence version 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (Workplace Server) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 787",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Internet of Things Edge Platform version 4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP and Java application Servers) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 756",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Dynamic Authorization Management version 9.1.0.0 et 2021.03",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP ERP HCM (Portugal) versions 600, 604 et 608",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Customer Checkout version 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22544"
    },
    {
      "name": "CVE-2022-22531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22531"
    },
    {
      "name": "CVE-2022-22543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22543"
    },
    {
      "name": "CVE-2022-22535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22535"
    },
    {
      "name": "CVE-2022-22536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22536"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2022-22528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22528"
    },
    {
      "name": "CVE-2022-22539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22539"
    },
    {
      "name": "CVE-2022-22532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22532"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2022-22530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22530"
    },
    {
      "name": "CVE-2022-22546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22546"
    },
    {
      "name": "CVE-2022-22538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22538"
    },
    {
      "name": "CVE-2022-22540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22540"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2022-22537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22537"
    },
    {
      "name": "CVE-2022-22542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22542"
    },
    {
      "name": "CVE-2022-22534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22534"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-125",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 09 f\u00e9vrier 2022",
      "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022"
    }
  ]
}

CERTFR-2022-AVI-016

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP Enterprise Continuous Testing by Tricentis
SAP	N/A	SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106
SAP	N/A	SAP Edge Services Cloud Edition
SAP	N/A	SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750
SAP	N/A	SAP Internet of Things Edge Platform
SAP	N/A	SAP Cloud for Customer (complément pour le client Lotus notes)
SAP	N/A	SAP NetWeaver AS for ABAP and ABAP Platform versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 786
SAP	N/A	SAP Connected Health Platform 2.0 - Fhirserver
SAP	N/A	SAP HANA XS Advanced Cockpit
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9
SAP	N/A	SAP Reference Template for enabling ingestion and persistence of time series data in Azure
SAP	N/A	SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)
SAP	N/A	SAP BTP Cloud Foundry
SAP	N/A	SAP HANA XS Advanced
SAP	N/A	SAP Cloud-to-Cloud Interoperability
SAP	N/A	SAP Digital Manufacturing Cloud for Edge Computing
SAP	N/A	SAP Enterprise Threat Detection version 2.0
SAP	N/A	SAP NetWeaver Process Integration
SAP	N/A	SAP Enable Now Manager
SAP	N/A	SAP Customer Checkout
SAP	N/A	SAP BTP API Management (Tenant Cloning Tool)
SAP	N/A	SAP Edge Services On Premise Edition
SAP	N/A	SAP Business One
SAP	N/A	SAP Business One version 10
SAP	N/A	SAP Landscape Management
SAP	N/A	SAP Localization Hub, digital compliance service for India
SAP	N/A	SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756
SAP	N/A	SAP BTP Kyma

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 11 janvier 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP Enterprise Continuous Testing by Tricentis",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Edge Services Cloud Edition",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Internet of Things Edge Platform",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Cloud for Customer (compl\u00e9ment pour le client Lotus notes)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS for ABAP and ABAP Platform versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 786",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Connected Health Platform 2.0 - Fhirserver",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP HANA XS Advanced Cockpit",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Reference Template for enabling ingestion and persistence of time series data in Azure",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BTP Cloud Foundry",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP HANA XS Advanced",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Cloud-to-Cloud Interoperability",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Digital Manufacturing Cloud for Edge Computing",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Enterprise Threat Detection version 2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver Process Integration",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Enable Now Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Customer Checkout",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BTP API Management (Tenant Cloning Tool)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Edge Services On Premise Edition",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One version 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Landscape Management",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Localization Hub, digital compliance service for India",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BTP Kyma",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44233"
    },
    {
      "name": "CVE-2022-22531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22531"
    },
    {
      "name": "CVE-2021-44235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44235"
    },
    {
      "name": "CVE-2021-42069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42069"
    },
    {
      "name": "CVE-2022-42067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42067"
    },
    {
      "name": "CVE-2021-42070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42070"
    },
    {
      "name": "CVE-2022-22530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22530"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-42068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42068"
    },
    {
      "name": "CVE-2021-44234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44234"
    },
    {
      "name": "CVE-2021-42066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42066"
    },
    {
      "name": "CVE-2022-22529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22529"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-016",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 11 janvier 2022",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"
    }
  ]
}

CERTFR-2022-AVI-570

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Security Guardium versions 11.1 sans le correctif de sécurité SqlGuard_11.0p160_Bundle_Mar-23-2022
IBM	N/A	IBM Security Guardium versions 10.6 sans le correctif de sécurité SqlGuard_10.0p692_Bundle_May-12-2022
IBM	N/A	IBM Security Guardium versions 11.2 sans le correctif de sécurité SqlGuard_11.0p270_Bundle_Feb-24-2022
IBM	N/A	IBM Security Guardium versions 11.3 sans le correctif de sécurité SqlGuard_11.0p360_Bundle_Mar-24-2022
IBM	N/A	IBM StoredIQ versions 7.6.0.x antérieures à 7.6.0.22 sans le correctif de sécurité siq_7_6_0_22_log4j_2_17_1
IBM	QRadar WinCollect Agent	IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.0.2
IBM	N/A	IBM Security Guardium versions 11.0 sans le correctif de sécurité SqlGuard_11.0p45_Bundle_May-03-2022
IBM	N/A	IBM Security Guardium versions 10.5 sans le correctif de sécurité SqlGuard_10.0p550_Bundle_Mar-27-2022

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6596145 du 17 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6596155 du 17 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6596085 du 17 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6572497 du 17 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Security Guardium versions 11.1 sans le correctif de s\u00e9curit\u00e9 SqlGuard_11.0p160_Bundle_Mar-23-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 10.6 sans le correctif de s\u00e9curit\u00e9 SqlGuard_10.0p692_Bundle_May-12-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 11.2 sans le correctif de s\u00e9curit\u00e9 SqlGuard_11.0p270_Bundle_Feb-24-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 11.3 sans le correctif de s\u00e9curit\u00e9 SqlGuard_11.0p360_Bundle_Mar-24-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM StoredIQ versions 7.6.0.x ant\u00e9rieures \u00e0 7.6.0.22 sans le correctif de s\u00e9curit\u00e9 siq_7_6_0_22_log4j_2_17_1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar WinCollect Agent versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "QRadar WinCollect Agent",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 11.0 sans le correctif de s\u00e9curit\u00e9 SqlGuard_11.0p45_Bundle_May-03-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 10.5 sans le correctif de s\u00e9curit\u00e9 SqlGuard_10.0p550_Bundle_Mar-27-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2018-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
    },
    {
      "name": "CVE-2022-27776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
    },
    {
      "name": "CVE-2020-13949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2022-22576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2018-11798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11798"
    },
    {
      "name": "CVE-2022-27775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
    },
    {
      "name": "CVE-2022-27774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
    },
    {
      "name": "CVE-2016-5397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5397"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2019-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2019-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2021-22945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-570",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6596145 du 17 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6596145"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6596155 du 17 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6596155"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6596085 du 17 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6596085"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6572497 du 17 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6572497"
    }
  ]
}

CERTFR-2021-AVI-953

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	SCD6000 Industrial RTU version SCD6000 SY11012 11_M et antérieures
N/A	N/A	Modicon BMENOC 0311
N/A	N/A	EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EVP2PE), EVlink Smart Wallbox EVB1A toutes versions antérieures à R8 V3.4.0.2
N/A	N/A	Modicon BMENOC 0321
N/A	N/A	Modicon M580
N/A	N/A	EcoStruxure™ Power Monitoring Expert versions V9.0 et antérieures
N/A	N/A	IGSS Data Collector (dc.exe) version 15.0.0.21320 et antérieures
N/A	N/A	APDU9xxx with NMC3 version V1.0.0.28 et antérieures
N/A	N/A	AP7xxxx and AP8xxx with NMC2 version V6.9.6 et antérieures
N/A	N/A	AP7xxx and AP8xxx with NMC3 version V1.1.0.3 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-348-02 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-348-01 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SSEVD-2021-348-03 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2019-281-04 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-348-04 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 14 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCD6000 Industrial RTU version SCD6000 SY11012 11_M et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon BMENOC 0311",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EVP2PE), EVlink Smart Wallbox EVB1A toutes versions ant\u00e9rieures \u00e0 R8 V3.4.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon BMENOC 0321",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M580",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EcoStruxure\u2122 Power Monitoring Expert versions V9.0 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "IGSS Data Collector (dc.exe) version 15.0.0.21320 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "APDU9xxx with NMC3 version V1.0.0.28 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "AP7xxxx and AP8xxx with NMC2 version V6.9.6 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "AP7xxx and AP8xxx with NMC3 version V1.1.0.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2021-22725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22725"
    },
    {
      "name": "CVE-2019-6848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6848"
    },
    {
      "name": "CVE-2021-22156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22156"
    },
    {
      "name": "CVE-2021-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22823"
    },
    {
      "name": "CVE-2021-22818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22818"
    },
    {
      "name": "CVE-2021-22820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22820"
    },
    {
      "name": "CVE-2021-22821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22821"
    },
    {
      "name": "CVE-2021-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22824"
    },
    {
      "name": "CVE-2021-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22822"
    },
    {
      "name": "CVE-2019-6849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6849"
    },
    {
      "name": "CVE-2021-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22825"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-22724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22724"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2021-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22826"
    },
    {
      "name": "CVE-2019-6850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6850"
    },
    {
      "name": "CVE-2021-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22827"
    },
    {
      "name": "CVE-2021-22819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22819"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-953",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-02 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-01 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SSEVD-2021-348-03 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-04 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-04 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
    }
  ]
}

CERTFR-2022-AVI-243

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iTunes pour Windows versions antérieures à 12.12.3
Apple	N/A	Xcode versions antérieures à 13.3
Apple	macOS	macOS Catalina sans le correctif de sécurité 2022-003
Apple	N/A	watchOS versions antérieures à 8.5
Apple	macOS	macOS Monterey versions antérieures à 12.3
Apple	N/A	Logic Pro X versions antérieures à 10.7.3
Apple	N/A	iOS et iPadOS versions antérieures à 15.4
Apple	N/A	GarageBand versions antérieures à 10.4.6
Apple	macOS	macOS Big Sur versions antérieures à 11.6.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213191 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213182 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213184 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213185 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213183 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213188 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213190 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213193 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213189 du 14 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iTunes pour Windows versions ant\u00e9rieures \u00e0 12.12.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2022-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 8.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Logic Pro X versions ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 15.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "GarageBand versions ant\u00e9rieures \u00e0 10.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.6.5",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22653"
    },
    {
      "name": "CVE-2022-22652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22652"
    },
    {
      "name": "CVE-2022-22647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22647"
    },
    {
      "name": "CVE-2022-22659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22659"
    },
    {
      "name": "CVE-2022-22656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22656"
    },
    {
      "name": "CVE-2022-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
    },
    {
      "name": "CVE-2022-22612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22612"
    },
    {
      "name": "CVE-2022-22671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22671"
    },
    {
      "name": "CVE-2022-22643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22643"
    },
    {
      "name": "CVE-2021-4192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
    },
    {
      "name": "CVE-2022-22670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22670"
    },
    {
      "name": "CVE-2022-22651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22651"
    },
    {
      "name": "CVE-2022-22602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22602"
    },
    {
      "name": "CVE-2022-22611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22611"
    },
    {
      "name": "CVE-2022-22626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22626"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2022-22624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22624"
    },
    {
      "name": "CVE-2022-22597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22597"
    },
    {
      "name": "CVE-2022-22648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22648"
    },
    {
      "name": "CVE-2022-22641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22641"
    },
    {
      "name": "CVE-2022-22622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22622"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-22669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22669"
    },
    {
      "name": "CVE-2022-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
    },
    {
      "name": "CVE-2022-22601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22601"
    },
    {
      "name": "CVE-2022-22623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22623"
    },
    {
      "name": "CVE-2022-22614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22614"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2022-22598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22598"
    },
    {
      "name": "CVE-2022-22666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22666"
    },
    {
      "name": "CVE-2022-22618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22618"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2022-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
    },
    {
      "name": "CVE-2022-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22639"
    },
    {
      "name": "CVE-2022-22662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22662"
    },
    {
      "name": "CVE-2022-22638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22638"
    },
    {
      "name": "CVE-2022-22609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22609"
    },
    {
      "name": "CVE-2022-22665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
    },
    {
      "name": "CVE-2022-22600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22600"
    },
    {
      "name": "CVE-2022-22617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22617"
    },
    {
      "name": "CVE-2022-22640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22640"
    },
    {
      "name": "CVE-2022-22642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22642"
    },
    {
      "name": "CVE-2022-22596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22596"
    },
    {
      "name": "CVE-2021-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
    },
    {
      "name": "CVE-2021-36976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
    },
    {
      "name": "CVE-2022-22582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22582"
    },
    {
      "name": "CVE-2022-22605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22605"
    },
    {
      "name": "CVE-2022-22599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22599"
    },
    {
      "name": "CVE-2022-22650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22650"
    },
    {
      "name": "CVE-2022-22625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22625"
    },
    {
      "name": "CVE-2022-22604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22604"
    },
    {
      "name": "CVE-2022-22632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22632"
    },
    {
      "name": "CVE-2022-22660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22660"
    },
    {
      "name": "CVE-2022-22657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22657"
    },
    {
      "name": "CVE-2022-22607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22607"
    },
    {
      "name": "CVE-2022-22627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22627"
    },
    {
      "name": "CVE-2022-22636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22636"
    },
    {
      "name": "CVE-2022-22615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22615"
    },
    {
      "name": "CVE-2022-22634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22634"
    },
    {
      "name": "CVE-2022-22635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22635"
    },
    {
      "name": "CVE-2021-30918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30918"
    },
    {
      "name": "CVE-2022-22621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22621"
    },
    {
      "name": "CVE-2022-22637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22637"
    },
    {
      "name": "CVE-2022-22654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22654"
    },
    {
      "name": "CVE-2022-22606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22606"
    },
    {
      "name": "CVE-2022-22633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22633"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2022-22603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22603"
    },
    {
      "name": "CVE-2022-22616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22616"
    },
    {
      "name": "CVE-2022-22661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22661"
    },
    {
      "name": "CVE-2022-22613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22613"
    },
    {
      "name": "CVE-2022-22610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22610"
    },
    {
      "name": "CVE-2022-22608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22608"
    },
    {
      "name": "CVE-2022-22668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22668"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2022-22628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22628"
    },
    {
      "name": "CVE-2022-22644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22644"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2022-22664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22664"
    },
    {
      "name": "CVE-2022-22667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22667"
    },
    {
      "name": "CVE-2021-46059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
    },
    {
      "name": "CVE-2022-22629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22629"
    },
    {
      "name": "CVE-2021-22945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
    },
    {
      "name": "CVE-2022-22631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22631"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-243",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213191 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213191"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213182 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213182"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213184 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213184"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213185 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213185"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213183 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213183"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213188 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213188"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213190 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213190"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213193 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213193"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213189 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213189"
    }
  ]
}

CERTFR-2022-AVI-570

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Security Guardium versions 11.1 sans le correctif de sécurité SqlGuard_11.0p160_Bundle_Mar-23-2022
IBM	N/A	IBM Security Guardium versions 10.6 sans le correctif de sécurité SqlGuard_10.0p692_Bundle_May-12-2022
IBM	N/A	IBM Security Guardium versions 11.2 sans le correctif de sécurité SqlGuard_11.0p270_Bundle_Feb-24-2022
IBM	N/A	IBM Security Guardium versions 11.3 sans le correctif de sécurité SqlGuard_11.0p360_Bundle_Mar-24-2022
IBM	N/A	IBM StoredIQ versions 7.6.0.x antérieures à 7.6.0.22 sans le correctif de sécurité siq_7_6_0_22_log4j_2_17_1
IBM	QRadar WinCollect Agent	IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.0.2
IBM	N/A	IBM Security Guardium versions 11.0 sans le correctif de sécurité SqlGuard_11.0p45_Bundle_May-03-2022
IBM	N/A	IBM Security Guardium versions 10.5 sans le correctif de sécurité SqlGuard_10.0p550_Bundle_Mar-27-2022

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6596145 du 17 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6596155 du 17 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6596085 du 17 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6572497 du 17 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Security Guardium versions 11.1 sans le correctif de s\u00e9curit\u00e9 SqlGuard_11.0p160_Bundle_Mar-23-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 10.6 sans le correctif de s\u00e9curit\u00e9 SqlGuard_10.0p692_Bundle_May-12-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 11.2 sans le correctif de s\u00e9curit\u00e9 SqlGuard_11.0p270_Bundle_Feb-24-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 11.3 sans le correctif de s\u00e9curit\u00e9 SqlGuard_11.0p360_Bundle_Mar-24-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM StoredIQ versions 7.6.0.x ant\u00e9rieures \u00e0 7.6.0.22 sans le correctif de s\u00e9curit\u00e9 siq_7_6_0_22_log4j_2_17_1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar WinCollect Agent versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "QRadar WinCollect Agent",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 11.0 sans le correctif de s\u00e9curit\u00e9 SqlGuard_11.0p45_Bundle_May-03-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Guardium versions 10.5 sans le correctif de s\u00e9curit\u00e9 SqlGuard_10.0p550_Bundle_Mar-27-2022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2018-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
    },
    {
      "name": "CVE-2022-27776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
    },
    {
      "name": "CVE-2020-13949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2022-22576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2018-11798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11798"
    },
    {
      "name": "CVE-2022-27775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
    },
    {
      "name": "CVE-2022-27774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
    },
    {
      "name": "CVE-2016-5397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5397"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2019-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2019-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2021-22945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-570",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6596145 du 17 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6596145"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6596155 du 17 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6596155"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6596085 du 17 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6596085"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6572497 du 17 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6572497"
    }
  ]
}

CERTFR-2025-AVI-0756

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 6.0.19+LTS-T
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 10.0.9
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T
VMware	Tanzu Operations Manager	Tanzu Operations Manager versions antérieures à 3.1.2
VMware	Tanzu	Tanzu Scheduler versions antérieures à 2.0.20
VMware	Tanzu	Spring Cloud Services for VMware Tanzu versions antérieures à 3.3.9
VMware	Tanzu	Single Sign-On for VMware Tanzu Application Service versions antérieures à 1.16.12
VMware	Tanzu	Stemcells pour Ubuntu Jammy Azure Light versions antérieures à 1.894
VMware	Tanzu	Stemcells pour Ubuntu Jammy versions antérieures à 1.894
VMware	Tanzu	Tanzu Hub versions antérieures à 10.2.1
VMware	Tanzu	Java Buildpack versions antérieures à 4.84.0
VMware	Tanzu	Tanzu for MySQL on Cloud Foundry versions antérieures à 10.0.2
VMware	Tanzu	Tanzu GemFire versions antérieures à 10.1.4

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36093	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36102	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36101	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36100	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36105	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36091	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36078	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36107	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36094	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36097	2025-09-04	vendor-advisory
Bulletin de sécurité VMware DSA-2025-46	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36108	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36095	2025-09-04	vendor-advisory
Bulletin de sécurité VMware DSA-2025-09	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36096	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36106	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36109	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36098	2025-09-04	vendor-advisory
Bulletin de sécurité VMware DSA-2025-68	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36103	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36099	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36092	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36110	2025-09-04	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.19+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.0.9",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Operations Manager versions ant\u00e9rieures \u00e0 3.1.2",
      "product": {
        "name": "Tanzu Operations Manager",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Scheduler versions ant\u00e9rieures \u00e0 2.0.20",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Cloud Services for VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.9",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Single Sign-On for VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.12",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells pour Ubuntu Jammy Azure Light versions ant\u00e9rieures \u00e0 1.894",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells pour Ubuntu Jammy versions ant\u00e9rieures \u00e0 1.894",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.2.1",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.84.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu for MySQL on Cloud Foundry versions ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.1.4",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2019-25013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
    },
    {
      "name": "CVE-2025-4088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4088"
    },
    {
      "name": "CVE-2025-6395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
    },
    {
      "name": "CVE-2021-35636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35636"
    },
    {
      "name": "CVE-2013-4235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
    },
    {
      "name": "CVE-2017-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
    },
    {
      "name": "CVE-2025-30681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
    },
    {
      "name": "CVE-2025-0448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0448"
    },
    {
      "name": "CVE-2021-35583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35583"
    },
    {
      "name": "CVE-2025-3032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3032"
    },
    {
      "name": "CVE-2019-2585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2585"
    },
    {
      "name": "CVE-2021-2352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2352"
    },
    {
      "name": "CVE-2024-38807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
    },
    {
      "name": "CVE-2025-37850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37850"
    },
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2021-3236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3236"
    },
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2020-14861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14861"
    },
    {
      "name": "CVE-2025-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0242"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2015-4789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
    },
    {
      "name": "CVE-2021-35639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35639"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2018-3279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3279"
    },
    {
      "name": "CVE-2025-21975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2019-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2982"
    },
    {
      "name": "CVE-2024-46821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
    },
    {
      "name": "CVE-2022-21253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21253"
    },
    {
      "name": "CVE-2025-31115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
    },
    {
      "name": "CVE-2024-10467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10467"
    },
    {
      "name": "CVE-2021-33294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
    },
    {
      "name": "CVE-2022-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21538"
    },
    {
      "name": "CVE-2022-22965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
    },
    {
      "name": "CVE-2024-53203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
    },
    {
      "name": "CVE-2025-5281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5281"
    },
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2019-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2808"
    },
    {
      "name": "CVE-2011-3374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
    },
    {
      "name": "CVE-2025-30689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
    },
    {
      "name": "CVE-2023-3138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2021-35575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35575"
    },
    {
      "name": "CVE-2025-37892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37892"
    },
    {
      "name": "CVE-2025-39728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
    },
    {
      "name": "CVE-2025-37859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37859"
    },
    {
      "name": "CVE-2025-8027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8027"
    },
    {
      "name": "CVE-2025-1372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
    },
    {
      "name": "CVE-2022-21436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21436"
    },
    {
      "name": "CVE-2025-2857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2857"
    },
    {
      "name": "CVE-2025-30715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
    },
    {
      "name": "CVE-2020-14773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14773"
    },
    {
      "name": "CVE-2025-37792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37792"
    },
    {
      "name": "CVE-2023-5841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5841"
    },
    {
      "name": "CVE-2022-46908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
    },
    {
      "name": "CVE-2024-28834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
    },
    {
      "name": "CVE-2021-38604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2025-30682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
    },
    {
      "name": "CVE-2023-22015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22015"
    },
    {
      "name": "CVE-2025-27818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
    },
    {
      "name": "CVE-2019-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2589"
    },
    {
      "name": "CVE-2023-22103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22103"
    },
    {
      "name": "CVE-2022-49728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
    },
    {
      "name": "CVE-2025-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
    },
    {
      "name": "CVE-2022-21418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21418"
    },
    {
      "name": "CVE-2025-5222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
    },
    {
      "name": "CVE-2021-2441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2441"
    },
    {
      "name": "CVE-2025-1939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1939"
    },
    {
      "name": "CVE-2023-21877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
    },
    {
      "name": "CVE-2023-6780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
    },
    {
      "name": "CVE-2020-2921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2921"
    },
    {
      "name": "CVE-2021-2357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2357"
    },
    {
      "name": "CVE-2025-0440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0440"
    },
    {
      "name": "CVE-2024-21207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21207"
    },
    {
      "name": "CVE-2025-22027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22027"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2024-38286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
    },
    {
      "name": "CVE-2024-3220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
    },
    {
      "name": "CVE-2025-4091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4091"
    },
    {
      "name": "CVE-2025-5065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5065"
    },
    {
      "name": "CVE-2025-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0996"
    },
    {
      "name": "CVE-2022-42010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
    },
    {
      "name": "CVE-2015-4787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
    },
    {
      "name": "CVE-2019-2596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2596"
    },
    {
      "name": "CVE-2019-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2879"
    },
    {
      "name": "CVE-2025-0445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0445"
    },
    {
      "name": "CVE-2019-2630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2630"
    },
    {
      "name": "CVE-2025-9308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9308"
    },
    {
      "name": "CVE-2019-2607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2607"
    },
    {
      "name": "CVE-2025-37766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37766"
    },
    {
      "name": "CVE-2022-21522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21522"
    },
    {
      "name": "CVE-2024-10459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10459"
    },
    {
      "name": "CVE-2019-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2495"
    },
    {
      "name": "CVE-2025-21853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
    },
    {
      "name": "CVE-2023-22026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22026"
    },
    {
      "name": "CVE-2025-37844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37844"
    },
    {
      "name": "CVE-2016-0682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
    },
    {
      "name": "CVE-2020-14829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14829"
    },
    {
      "name": "CVE-2020-14576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14576"
    },
    {
      "name": "CVE-2022-21529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21529"
    },
    {
      "name": "CVE-2025-37871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37871"
    },
    {
      "name": "CVE-2023-39017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
    },
    {
      "name": "CVE-2024-46751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46751"
    },
    {
      "name": "CVE-2025-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0434"
    },
    {
      "name": "CVE-2022-21435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21435"
    },
    {
      "name": "CVE-2020-14777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14777"
    },
    {
      "name": "CVE-2021-25220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-21941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
    },
    {
      "name": "CVE-2025-8941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
    },
    {
      "name": "CVE-2019-3003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3003"
    },
    {
      "name": "CVE-2020-14839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14839"
    },
    {
      "name": "CVE-2019-3018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3018"
    },
    {
      "name": "CVE-2021-35623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35623"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2022-21460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
    },
    {
      "name": "CVE-2025-8881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8881"
    },
    {
      "name": "CVE-2019-2993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2993"
    },
    {
      "name": "CVE-2020-2686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2686"
    },
    {
      "name": "CVE-2025-41234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
    },
    {
      "name": "CVE-2021-2170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2170"
    },
    {
      "name": "CVE-2022-21379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21379"
    },
    {
      "name": "CVE-2021-2215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2215"
    },
    {
      "name": "CVE-2020-2752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2752"
    },
    {
      "name": "CVE-2025-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4609"
    },
    {
      "name": "CVE-2024-45339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
    },
    {
      "name": "CVE-2023-53034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
    },
    {
      "name": "CVE-2021-2022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2022"
    },
    {
      "name": "CVE-2024-10461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10461"
    },
    {
      "name": "CVE-2022-21526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21526"
    },
    {
      "name": "CVE-2021-2172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2172"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2022-21528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21528"
    },
    {
      "name": "CVE-2025-23138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
    },
    {
      "name": "CVE-2024-56664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
    },
    {
      "name": "CVE-2025-38152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
    },
    {
      "name": "CVE-2014-4715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
    },
    {
      "name": "CVE-2024-36945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
    },
    {
      "name": "CVE-2021-2299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2299"
    },
    {
      "name": "CVE-2020-2892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2892"
    },
    {
      "name": "CVE-2025-5959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5959"
    },
    {
      "name": "CVE-2024-45772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45772"
    },
    {
      "name": "CVE-2016-2149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2149"
    },
    {
      "name": "CVE-2025-37790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37790"
    },
    {
      "name": "CVE-2020-29562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2015-4776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
    },
    {
      "name": "CVE-2023-21865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
    },
    {
      "name": "CVE-2017-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
    },
    {
      "name": "CVE-2025-27817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
    },
    {
      "name": "CVE-2021-35640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35640"
    },
    {
      "name": "CVE-2024-10464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10464"
    },
    {
      "name": "CVE-2025-22021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
    },
    {
      "name": "CVE-2015-4785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
    },
    {
      "name": "CVE-2020-2853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2853"
    },
    {
      "name": "CVE-2025-37758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37758"
    },
    {
      "name": "CVE-2025-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
    },
    {
      "name": "CVE-2025-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1414"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2018-3170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3170"
    },
    {
      "name": "CVE-2020-2774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2774"
    },
    {
      "name": "CVE-2020-14771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14771"
    },
    {
      "name": "CVE-2025-49146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
    },
    {
      "name": "CVE-2025-3066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3066"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2024-46787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
    },
    {
      "name": "CVE-2019-2685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2685"
    },
    {
      "name": "CVE-2021-2196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2196"
    },
    {
      "name": "CVE-2023-45853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
    },
    {
      "name": "CVE-2024-21197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21197"
    },
    {
      "name": "CVE-2024-47611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
    },
    {
      "name": "CVE-2025-8037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8037"
    },
    {
      "name": "CVE-2025-4918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4918"
    },
    {
      "name": "CVE-2023-21881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
    },
    {
      "name": "CVE-2022-49168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49168"
    },
    {
      "name": "CVE-2020-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14540"
    },
    {
      "name": "CVE-2025-45582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
    },
    {
      "name": "CVE-2024-50125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
    },
    {
      "name": "CVE-2025-37841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37841"
    },
    {
      "name": "CVE-2025-30703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
    },
    {
      "name": "CVE-2025-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
    },
    {
      "name": "CVE-2022-48522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
    },
    {
      "name": "CVE-2025-0439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0439"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2021-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2305"
    },
    {
      "name": "CVE-2025-37770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37770"
    },
    {
      "name": "CVE-2025-37773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37773"
    },
    {
      "name": "CVE-2023-2602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
    },
    {
      "name": "CVE-2021-20304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20304"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2025-4090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4090"
    },
    {
      "name": "CVE-2017-10140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
    },
    {
      "name": "CVE-2022-0667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0667"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2025-22050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
    },
    {
      "name": "CVE-2019-2740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2740"
    },
    {
      "name": "CVE-2025-9180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9180"
    },
    {
      "name": "CVE-2025-8581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8581"
    },
    {
      "name": "CVE-2024-50047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
    },
    {
      "name": "CVE-2025-1919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1919"
    },
    {
      "name": "CVE-2025-39735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
    },
    {
      "name": "CVE-2025-3030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3030"
    },
    {
      "name": "CVE-2025-24813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
    },
    {
      "name": "CVE-2018-1273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1273"
    },
    {
      "name": "CVE-2022-21297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21297"
    },
    {
      "name": "CVE-2023-47100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47100"
    },
    {
      "name": "CVE-2025-37983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37983"
    },
    {
      "name": "CVE-2015-4764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
    },
    {
      "name": "CVE-2020-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2901"
    },
    {
      "name": "CVE-2025-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0241"
    },
    {
      "name": "CVE-2020-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
    },
    {
      "name": "CVE-2015-4779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
    },
    {
      "name": "CVE-2020-2694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2694"
    },
    {
      "name": "CVE-2025-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8034"
    },
    {
      "name": "CVE-2025-37798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
    },
    {
      "name": "CVE-2025-37819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37819"
    },
    {
      "name": "CVE-2025-4664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4664"
    },
    {
      "name": "CVE-2021-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
    },
    {
      "name": "CVE-2025-49794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
    },
    {
      "name": "CVE-2021-35596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35596"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-49710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49710"
    },
    {
      "name": "CVE-2025-22004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
    },
    {
      "name": "CVE-2021-2427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2427"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2021-35624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
    },
    {
      "name": "CVE-2019-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2819"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2024-35867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35867"
    },
    {
      "name": "CVE-2022-21452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21452"
    },
    {
      "name": "CVE-2007-4559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
    },
    {
      "name": "CVE-2021-2164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2164"
    },
    {
      "name": "CVE-2021-2374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2374"
    },
    {
      "name": "CVE-2020-14547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14547"
    },
    {
      "name": "CVE-2025-21839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
    },
    {
      "name": "CVE-2020-14870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14870"
    },
    {
      "name": "CVE-2025-9182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9182"
    },
    {
      "name": "CVE-2021-35612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35612"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-3715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
    },
    {
      "name": "CVE-2023-4016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
    },
    {
      "name": "CVE-2024-22047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22047"
    },
    {
      "name": "CVE-2015-4780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
    },
    {
      "name": "CVE-2025-38023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
    },
    {
      "name": "CVE-2019-2811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2811"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2023-21874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2023-43785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
    },
    {
      "name": "CVE-2025-30696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2019-2774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2774"
    },
    {
      "name": "CVE-2019-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2803"
    },
    {
      "name": "CVE-2008-5727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5727"
    },
    {
      "name": "CVE-2025-1426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1426"
    },
    {
      "name": "CVE-2025-6434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6434"
    },
    {
      "name": "CVE-2020-14785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14785"
    },
    {
      "name": "CVE-2024-46812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
    },
    {
      "name": "CVE-2020-2760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2760"
    },
    {
      "name": "CVE-2025-5066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5066"
    },
    {
      "name": "CVE-2021-2424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2424"
    },
    {
      "name": "CVE-2021-35604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
    },
    {
      "name": "CVE-2025-37789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37789"
    },
    {
      "name": "CVE-2019-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2814"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2019-2606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2606"
    },
    {
      "name": "CVE-2022-3515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
    },
    {
      "name": "CVE-2024-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
    },
    {
      "name": "CVE-2022-21530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21530"
    },
    {
      "name": "CVE-2024-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11698"
    },
    {
      "name": "CVE-2024-46816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
    },
    {
      "name": "CVE-2015-4754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
    },
    {
      "name": "CVE-2020-14891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14891"
    },
    {
      "name": "CVE-2019-2966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2966"
    },
    {
      "name": "CVE-2022-21415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21415"
    },
    {
      "name": "CVE-2023-45322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
    },
    {
      "name": "CVE-2021-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
    },
    {
      "name": "CVE-2022-39046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
    },
    {
      "name": "CVE-2025-21584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
    },
    {
      "name": "CVE-2019-2780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2780"
    },
    {
      "name": "CVE-2025-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5064"
    },
    {
      "name": "CVE-2021-35939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
    },
    {
      "name": "CVE-2021-35537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35537"
    },
    {
      "name": "CVE-2024-38819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2025-37867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37867"
    },
    {
      "name": "CVE-2021-2385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
    },
    {
      "name": "CVE-2019-2530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2530"
    },
    {
      "name": "CVE-2019-2743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2743"
    },
    {
      "name": "CVE-2025-37857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37857"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2023-22007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22007"
    },
    {
      "name": "CVE-2019-2737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2737"
    },
    {
      "name": "CVE-2018-1000169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000169"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2023-21878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
    },
    {
      "name": "CVE-2024-58251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
    },
    {
      "name": "CVE-2025-1931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1931"
    },
    {
      "name": "CVE-2025-0612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0612"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2025-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
    },
    {
      "name": "CVE-2021-2194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
    },
    {
      "name": "CVE-2021-3421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
    },
    {
      "name": "CVE-2015-4790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
    },
    {
      "name": "CVE-2025-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
    },
    {
      "name": "CVE-2025-27144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
    },
    {
      "name": "CVE-2024-6174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
    },
    {
      "name": "CVE-2025-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7656"
    },
    {
      "name": "CVE-2024-7012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7012"
    },
    {
      "name": "CVE-2025-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0237"
    },
    {
      "name": "CVE-2019-2991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2991"
    },
    {
      "name": "CVE-2025-5264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5264"
    },
    {
      "name": "CVE-2025-37927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37927"
    },
    {
      "name": "CVE-2020-14804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14804"
    },
    {
      "name": "CVE-2013-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1548"
    },
    {
      "name": "CVE-2019-2752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2752"
    },
    {
      "name": "CVE-2025-37911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37911"
    },
    {
      "name": "CVE-2024-26686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26686"
    },
    {
      "name": "CVE-2020-2804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2804"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2023-6779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2025-5115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
    },
    {
      "name": "CVE-2025-4085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4085"
    },
    {
      "name": "CVE-2022-21302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21302"
    },
    {
      "name": "CVE-2021-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2412"
    },
    {
      "name": "CVE-2019-2997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2997"
    },
    {
      "name": "CVE-2025-3028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3028"
    },
    {
      "name": "CVE-2019-2746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2746"
    },
    {
      "name": "CVE-2025-9181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9181"
    },
    {
      "name": "CVE-2025-6192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6192"
    },
    {
      "name": "CVE-2025-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2817"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2025-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5268"
    },
    {
      "name": "CVE-2022-21589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2022-21517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21517"
    },
    {
      "name": "CVE-2019-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3004"
    },
    {
      "name": "CVE-2024-53144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
    },
    {
      "name": "CVE-2015-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2025-38637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
    },
    {
      "name": "CVE-2019-2826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2826"
    },
    {
      "name": "CVE-2024-53128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
    },
    {
      "name": "CVE-2024-21198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21198"
    },
    {
      "name": "CVE-2020-2928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2928"
    },
    {
      "name": "CVE-2025-37930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37930"
    },
    {
      "name": "CVE-2019-2914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2914"
    },
    {
      "name": "CVE-2020-14844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14844"
    },
    {
      "name": "CVE-2025-22055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
    },
    {
      "name": "CVE-2021-20266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
    },
    {
      "name": "CVE-2025-37810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37810"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2020-2770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2770"
    },
    {
      "name": "CVE-2021-35608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35608"
    },
    {
      "name": "CVE-2025-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
    },
    {
      "name": "CVE-2024-12798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
    },
    {
      "name": "CVE-2021-2201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2201"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2025-5372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
    },
    {
      "name": "CVE-2008-5729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5729"
    },
    {
      "name": "CVE-2022-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
    },
    {
      "name": "CVE-2023-21883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
    },
    {
      "name": "CVE-2025-27210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2015-2654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
    },
    {
      "name": "CVE-2019-2617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2617"
    },
    {
      "name": "CVE-2024-21201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21201"
    },
    {
      "name": "CVE-2021-35647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35647"
    },
    {
      "name": "CVE-2020-14559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14559"
    },
    {
      "name": "CVE-2025-23159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23159"
    },
    {
      "name": "CVE-2025-1932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1932"
    },
    {
      "name": "CVE-2015-4778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
    },
    {
      "name": "CVE-2022-21539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21539"
    },
    {
      "name": "CVE-2025-3072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3072"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-0451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0451"
    },
    {
      "name": "CVE-2022-21440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21440"
    },
    {
      "name": "CVE-2023-21977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
    },
    {
      "name": "CVE-2025-48060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
    },
    {
      "name": "CVE-2020-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2761"
    },
    {
      "name": "CVE-2022-21531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21531"
    },
    {
      "name": "CVE-2024-10458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10458"
    },
    {
      "name": "CVE-2024-10463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10463"
    },
    {
      "name": "CVE-2021-2300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2300"
    },
    {
      "name": "CVE-2022-21304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
    },
    {
      "name": "CVE-2024-10468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10468"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
    },
    {
      "name": "CVE-2020-14873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14873"
    },
    {
      "name": "CVE-2022-49636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
    },
    {
      "name": "CVE-2023-4813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
    },
    {
      "name": "CVE-2017-3617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
    },
    {
      "name": "CVE-2024-11703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11703"
    },
    {
      "name": "CVE-2021-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
    },
    {
      "name": "CVE-2019-2626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2626"
    },
    {
      "name": "CVE-2025-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1010"
    },
    {
      "name": "CVE-2022-21479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21479"
    },
    {
      "name": "CVE-2025-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
    },
    {
      "name": "CVE-2024-49960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
    },
    {
      "name": "CVE-2017-3615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
    },
    {
      "name": "CVE-2023-28320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
    },
    {
      "name": "CVE-2025-37741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37741"
    },
    {
      "name": "CVE-2025-30683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
    },
    {
      "name": "CVE-2025-30699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
    },
    {
      "name": "CVE-2023-46129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46129"
    },
    {
      "name": "CVE-2024-10460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10460"
    },
    {
      "name": "CVE-2024-4030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
    },
    {
      "name": "CVE-2025-27587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
    },
    {
      "name": "CVE-2019-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3009"
    },
    {
      "name": "CVE-2021-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
    },
    {
      "name": "CVE-2025-8880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8880"
    },
    {
      "name": "CVE-2020-2679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2679"
    },
    {
      "name": "CVE-2019-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2938"
    },
    {
      "name": "CVE-2025-37912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37912"
    },
    {
      "name": "CVE-2023-22070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22070"
    },
    {
      "name": "CVE-2023-39810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39810"
    },
    {
      "name": "CVE-2021-2014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2014"
    },
    {
      "name": "CVE-2021-2230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2230"
    },
    {
      "name": "CVE-2023-21875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
    },
    {
      "name": "CVE-2025-37985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37985"
    },
    {
      "name": "CVE-2022-21515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21515"
    },
    {
      "name": "CVE-2025-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2020-2897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2897"
    },
    {
      "name": "CVE-2025-37787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37787"
    },
    {
      "name": "CVE-2025-1920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
    },
    {
      "name": "CVE-2025-6297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
    },
    {
      "name": "CVE-2025-22035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
    },
    {
      "name": "CVE-2025-4089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4089"
    },
    {
      "name": "CVE-2024-58093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
    },
    {
      "name": "CVE-2020-2574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2574"
    },
    {
      "name": "CVE-2017-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
    },
    {
      "name": "CVE-2020-14769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14769"
    },
    {
      "name": "CVE-2025-47268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
    },
    {
      "name": "CVE-2022-21527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21527"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2024-31047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31047"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2023-28484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
    },
    {
      "name": "CVE-2019-2708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
    },
    {
      "name": "CVE-2016-0692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
    },
    {
      "name": "CVE-2016-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2160"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2025-9179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9179"
    },
    {
      "name": "CVE-2021-23169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23169"
    },
    {
      "name": "CVE-2023-46219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
    },
    {
      "name": "CVE-2023-47038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
    },
    {
      "name": "CVE-2021-35635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35635"
    },
    {
      "name": "CVE-2025-3068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3068"
    },
    {
      "name": "CVE-2025-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3619"
    },
    {
      "name": "CVE-2023-5981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
    },
    {
      "name": "CVE-2025-3031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3031"
    },
    {
      "name": "CVE-2020-10878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2025-1016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1016"
    },
    {
      "name": "CVE-2015-4782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
    },
    {
      "name": "CVE-2025-4096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4096"
    },
    {
      "name": "CVE-2025-21959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
    },
    {
      "name": "CVE-2024-38809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
    },
    {
      "name": "CVE-2021-35610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35610"
    },
    {
      "name": "CVE-2017-3610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2021-2429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2429"
    },
    {
      "name": "CVE-2025-5915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
    },
    {
      "name": "CVE-2024-11700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11700"
    },
    {
      "name": "CVE-2024-11708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11708"
    },
    {
      "name": "CVE-2025-38024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
    },
    {
      "name": "CVE-2020-2922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2922"
    },
    {
      "name": "CVE-2020-2660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2660"
    },
    {
      "name": "CVE-2022-49063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49063"
    },
    {
      "name": "CVE-2024-21213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21213"
    },
    {
      "name": "CVE-2025-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
    },
    {
      "name": "CVE-2023-35116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
    },
    {
      "name": "CVE-2019-2969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2969"
    },
    {
      "name": "CVE-2025-0247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0247"
    },
    {
      "name": "CVE-2025-5263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5263"
    },
    {
      "name": "CVE-2017-12195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12195"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2025-37889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
    },
    {
      "name": "CVE-2021-35602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35602"
    },
    {
      "name": "CVE-2015-4788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
    },
    {
      "name": "CVE-2021-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
    },
    {
      "name": "CVE-2024-11701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11701"
    },
    {
      "name": "CVE-2023-21872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
    },
    {
      "name": "CVE-2025-0443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0443"
    },
    {
      "name": "CVE-2025-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1019"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2025-21981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2021-35577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35577"
    },
    {
      "name": "CVE-2025-6965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
    },
    {
      "name": "CVE-2020-14869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14869"
    },
    {
      "name": "CVE-2021-35646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35646"
    },
    {
      "name": "CVE-2022-21303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
    },
    {
      "name": "CVE-2024-11584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2020-2579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2579"
    },
    {
      "name": "CVE-2019-2778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2778"
    },
    {
      "name": "CVE-2020-2981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
    },
    {
      "name": "CVE-2025-4052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4052"
    },
    {
      "name": "CVE-2025-1941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1941"
    },
    {
      "name": "CVE-2019-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2625"
    },
    {
      "name": "CVE-2024-21219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21219"
    },
    {
      "name": "CVE-2025-8044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8044"
    },
    {
      "name": "CVE-2021-35607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35607"
    },
    {
      "name": "CVE-2019-2957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2957"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2021-35625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35625"
    },
    {
      "name": "CVE-2025-38005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2025-22014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
    },
    {
      "name": "CVE-2024-21194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21194"
    },
    {
      "name": "CVE-2021-2174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
    },
    {
      "name": "CVE-2025-7657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7657"
    },
    {
      "name": "CVE-2019-2494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2494"
    },
    {
      "name": "CVE-2025-8041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8041"
    },
    {
      "name": "CVE-2016-3418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
    },
    {
      "name": "CVE-2022-29824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2019-2911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2911"
    },
    {
      "name": "CVE-2019-2802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2802"
    },
    {
      "name": "CVE-2022-21414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21414"
    },
    {
      "name": "CVE-2025-32462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
    },
    {
      "name": "CVE-2021-2203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2203"
    },
    {
      "name": "CVE-2019-2536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2536"
    },
    {
      "name": "CVE-2025-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3620"
    },
    {
      "name": "CVE-2021-2208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2208"
    },
    {
      "name": "CVE-2019-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2923"
    },
    {
      "name": "CVE-2022-49535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49535"
    },
    {
      "name": "CVE-2024-21196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21196"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2024-21742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
    },
    {
      "name": "CVE-2015-2656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
    },
    {
      "name": "CVE-2022-21617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
    },
    {
      "name": "CVE-2021-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2422"
    },
    {
      "name": "CVE-2020-14790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14790"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2025-23158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23158"
    },
    {
      "name": "CVE-2025-21996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
    },
    {
      "name": "CVE-2022-21358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21358"
    },
    {
      "name": "CVE-2017-3612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
    },
    {
      "name": "CVE-2025-23144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23144"
    },
    {
      "name": "CVE-2025-37969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
    },
    {
      "name": "CVE-2024-21199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21199"
    },
    {
      "name": "CVE-2019-2967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2967"
    },
    {
      "name": "CVE-2018-3186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3186"
    },
    {
      "name": "CVE-2022-48893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
    },
    {
      "name": "CVE-2025-6435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6435"
    },
    {
      "name": "CVE-2023-31439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
    },
    {
      "name": "CVE-2023-51074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
    },
    {
      "name": "CVE-2024-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692"
    },
    {
      "name": "CVE-2020-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2930"
    },
    {
      "name": "CVE-2025-37742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37742"
    },
    {
      "name": "CVE-2025-23136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
    },
    {
      "name": "CVE-2022-21608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
    },
    {
      "name": "CVE-2025-37785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
    },
    {
      "name": "CVE-2021-2354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2354"
    },
    {
      "name": "CVE-2025-37765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37765"
    },
    {
      "name": "CVE-2025-48964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
    },
    {
      "name": "CVE-2025-21574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
    },
    {
      "name": "CVE-2022-42011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
    },
    {
      "name": "CVE-2023-5189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5189"
    },
    {
      "name": "CVE-2025-21957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
    },
    {
      "name": "CVE-2025-8901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8901"
    },
    {
      "name": "CVE-2025-1020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1020"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2025-30258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
    },
    {
      "name": "CVE-2025-21999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
    },
    {
      "name": "CVE-2021-2367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2367"
    },
    {
      "name": "CVE-2025-0446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0446"
    },
    {
      "name": "CVE-2024-56406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
    },
    {
      "name": "CVE-2021-35626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35626"
    },
    {
      "name": "CVE-2019-2535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2535"
    },
    {
      "name": "CVE-2025-23161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23161"
    },
    {
      "name": "CVE-2025-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0435"
    },
    {
      "name": "CVE-2021-2384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2384"
    },
    {
      "name": "CVE-2015-4784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
    },
    {
      "name": "CVE-2020-14799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14799"
    },
    {
      "name": "CVE-2023-4527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
    },
    {
      "name": "CVE-2025-5278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
    },
    {
      "name": "CVE-2025-37803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37803"
    },
    {
      "name": "CVE-2025-21992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
    },
    {
      "name": "CVE-2021-35632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35632"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2023-34055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
    },
    {
      "name": "CVE-2024-56433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
    },
    {
      "name": "CVE-2019-2796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2796"
    },
    {
      "name": "CVE-2025-37824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37824"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2022-21342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21342"
    },
    {
      "name": "CVE-2023-4156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4156"
    },
    {
      "name": "CVE-2025-21580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
    },
    {
      "name": "CVE-2020-14793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14793"
    },
    {
      "name": "CVE-2025-5318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
    },
    {
      "name": "CVE-2025-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0999"
    },
    {
      "name": "CVE-2025-1921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1921"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2021-2007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2007"
    },
    {
      "name": "CVE-2025-37923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37923"
    },
    {
      "name": "CVE-2012-5783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
    },
    {
      "name": "CVE-2025-8882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8882"
    },
    {
      "name": "CVE-2025-22044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
    },
    {
      "name": "CVE-2019-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2798"
    },
    {
      "name": "CVE-2022-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
    },
    {
      "name": "CVE-2024-53051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
    },
    {
      "name": "CVE-2020-14789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14789"
    },
    {
      "name": "CVE-2025-22062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22062"
    },
    {
      "name": "CVE-2025-21575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
    },
    {
      "name": "CVE-2025-37739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37739"
    },
    {
      "name": "CVE-2021-2389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
    },
    {
      "name": "CVE-2023-21840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
    },
    {
      "name": "CVE-2025-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
    },
    {
      "name": "CVE-2025-8577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8577"
    },
    {
      "name": "CVE-2024-11699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699"
    },
    {
      "name": "CVE-2019-2789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2789"
    },
    {
      "name": "CVE-2025-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
    },
    {
      "name": "CVE-2020-2893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2893"
    },
    {
      "name": "CVE-2020-14765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14765"
    },
    {
      "name": "CVE-2025-3277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3277"
    },
    {
      "name": "CVE-2018-3137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3137"
    },
    {
      "name": "CVE-2025-21577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
    },
    {
      "name": "CVE-2025-37940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37940"
    },
    {
      "name": "CVE-2022-21270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
    },
    {
      "name": "CVE-2019-2784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2784"
    },
    {
      "name": "CVE-2025-21970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
    },
    {
      "name": "CVE-2025-22056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
    },
    {
      "name": "CVE-2022-42012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
    },
    {
      "name": "CVE-2025-4087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4087"
    },
    {
      "name": "CVE-2025-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
    },
    {
      "name": "CVE-2018-3286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3286"
    },
    {
      "name": "CVE-2021-35648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35648"
    },
    {
      "name": "CVE-2023-21963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
    },
    {
      "name": "CVE-2025-37964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37964"
    },
    {
      "name": "CVE-2025-3033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3033"
    },
    {
      "name": "CVE-2025-8879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8879"
    },
    {
      "name": "CVE-2020-14866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14866"
    },
    {
      "name": "CVE-2024-46742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46742"
    },
    {
      "name": "CVE-2024-50272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
    },
    {
      "name": "CVE-2021-2437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2437"
    },
    {
      "name": "CVE-2025-37915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37915"
    },
    {
      "name": "CVE-2021-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2015-2626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
    },
    {
      "name": "CVE-2025-23146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23146"
    },
    {
      "name": "CVE-2021-2193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2193"
    },
    {
      "name": "CVE-2024-11395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11395"
    },
    {
      "name": "CVE-2020-2577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2577"
    },
    {
      "name": "CVE-2025-23142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23142"
    },
    {
      "name": "CVE-2020-10029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
    },
    {
      "name": "CVE-2025-7425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
    },
    {
      "name": "CVE-2019-2758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2758"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2019-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2810"
    },
    {
      "name": "CVE-2024-35790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
    },
    {
      "name": "CVE-2025-37738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
    },
    {
      "name": "CVE-2023-29469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
    },
    {
      "name": "CVE-2025-2137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2025-5419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5419"
    },
    {
      "name": "CVE-2021-2418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2418"
    },
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2025-37830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37830"
    },
    {
      "name": "CVE-2019-2631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2631"
    },
    {
      "name": "CVE-2019-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2805"
    },
    {
      "name": "CVE-2025-37991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37991"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2023-21866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
    },
    {
      "name": "CVE-2021-2411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2411"
    },
    {
      "name": "CVE-2020-2790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2790"
    },
    {
      "name": "CVE-2023-52572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52572"
    },
    {
      "name": "CVE-2019-2623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2623"
    },
    {
      "name": "CVE-2024-12801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
    },
    {
      "name": "CVE-2025-37781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37781"
    },
    {
      "name": "CVE-2025-6557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6557"
    },
    {
      "name": "CVE-2024-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
    },
    {
      "name": "CVE-2015-4781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
    },
    {
      "name": "CVE-2021-35597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35597"
    },
    {
      "name": "CVE-2025-1916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1916"
    },
    {
      "name": "CVE-2025-37797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
    },
    {
      "name": "CVE-2025-23145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23145"
    },
    {
      "name": "CVE-2021-2425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2425"
    },
    {
      "name": "CVE-2025-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1006"
    },
    {
      "name": "CVE-2021-2390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
    },
    {
      "name": "CVE-2022-21553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21553"
    },
    {
      "name": "CVE-2022-21451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
    },
    {
      "name": "CVE-2021-3999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
    },
    {
      "name": "CVE-2012-6153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2025-37823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37823"
    },
    {
      "name": "CVE-2022-21301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21301"
    },
    {
      "name": "CVE-2021-2001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2001"
    },
    {
      "name": "CVE-2024-27402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27402"
    },
    {
      "name": "CVE-2021-2144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
    },
    {
      "name": "CVE-2025-8582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8582"
    },
    {
      "name": "CVE-2022-21264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21264"
    },
    {
      "name": "CVE-2020-14836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14836"
    },
    {
      "name": "CVE-2021-3875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3875"
    },
    {
      "name": "CVE-2021-2444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2444"
    },
    {
      "name": "CVE-2025-1933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1933"
    },
    {
      "name": "CVE-2024-2004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
    },
    {
      "name": "CVE-2017-3605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
    },
    {
      "name": "CVE-2025-23165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
    },
    {
      "name": "CVE-2022-40303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
    },
    {
      "name": "CVE-2019-2785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2785"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2024-6763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
    },
    {
      "name": "CVE-2025-1942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1942"
    },
    {
      "name": "CVE-2025-0239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0239"
    },
    {
      "name": "CVE-2021-2301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2301"
    },
    {
      "name": "CVE-2019-2797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2797"
    },
    {
      "name": "CVE-2020-2903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2903"
    },
    {
      "name": "CVE-2020-10543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
    },
    {
      "name": "CVE-2022-21362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21362"
    },
    {
      "name": "CVE-2021-35628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35628"
    },
    {
      "name": "CVE-2025-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
    },
    {
      "name": "CVE-2025-5265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5265"
    },
    {
      "name": "CVE-2024-11697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11697"
    },
    {
      "name": "CVE-2025-30705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
    },
    {
      "name": "CVE-2025-22005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
    },
    {
      "name": "CVE-2021-4122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4122"
    },
    {
      "name": "CVE-2025-37740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37740"
    },
    {
      "name": "CVE-2019-2686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2686"
    },
    {
      "name": "CVE-2021-2154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
    },
    {
      "name": "CVE-2019-10744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
    },
    {
      "name": "CVE-2021-2399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2399"
    },
    {
      "name": "CVE-2025-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
    },
    {
      "name": "CVE-2025-3067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3067"
    },
    {
      "name": "CVE-2020-2627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2627"
    },
    {
      "name": "CVE-2022-21509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21509"
    },
    {
      "name": "CVE-2025-50088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
    },
    {
      "name": "CVE-2005-2541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2541"
    },
    {
      "name": "CVE-2025-37829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37829"
    },
    {
      "name": "CVE-2025-46394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
    },
    {
      "name": "CVE-2025-6170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
    },
    {
      "name": "CVE-2021-35937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
    },
    {
      "name": "CVE-2023-22028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
    },
    {
      "name": "CVE-2019-2946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2946"
    },
    {
      "name": "CVE-2025-8578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8578"
    },
    {
      "name": "CVE-2020-14888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14888"
    },
    {
      "name": "CVE-2025-8039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8039"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2025-22010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
    },
    {
      "name": "CVE-2024-25260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
    },
    {
      "name": "CVE-2025-23151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23151"
    },
    {
      "name": "CVE-2017-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
    },
    {
      "name": "CVE-2025-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
    },
    {
      "name": "CVE-2025-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1011"
    },
    {
      "name": "CVE-2017-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
    },
    {
      "name": "CVE-2021-2010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2010"
    },
    {
      "name": "CVE-2024-53427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
    },
    {
      "name": "CVE-2025-43857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
    },
    {
      "name": "CVE-2021-35546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35546"
    },
    {
      "name": "CVE-2021-2298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2298"
    },
    {
      "name": "CVE-2023-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
    },
    {
      "name": "CVE-2025-0442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0442"
    },
    {
      "name": "CVE-2025-37796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37796"
    },
    {
      "name": "CVE-2019-2694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2694"
    },
    {
      "name": "CVE-2025-8580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8580"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-1930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1930"
    },
    {
      "name": "CVE-2020-14809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14809"
    },
    {
      "name": "CVE-2022-2309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2021-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2339"
    },
    {
      "name": "CVE-2025-54988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
    },
    {
      "name": "CVE-2025-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0997"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2015-4777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
    },
    {
      "name": "CVE-2020-14550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14550"
    },
    {
      "name": "CVE-2021-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
    },
    {
      "name": "CVE-2025-37883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37883"
    },
    {
      "name": "CVE-2023-0687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
    },
    {
      "name": "CVE-2018-3203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3203"
    },
    {
      "name": "CVE-2025-0441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0441"
    },
    {
      "name": "CVE-2025-37811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37811"
    },
    {
      "name": "CVE-2022-21457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21457"
    },
    {
      "name": "CVE-2023-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
    },
    {
      "name": "CVE-2019-2822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2822"
    },
    {
      "name": "CVE-2019-2502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2502"
    },
    {
      "name": "CVE-2022-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
    },
    {
      "name": "CVE-2024-21212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21212"
    },
    {
      "name": "CVE-2021-32256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2021-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2032"
    },
    {
      "name": "CVE-2017-8046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8046"
    },
    {
      "name": "CVE-2019-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2801"
    },
    {
      "name": "CVE-2024-21193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21193"
    },
    {
      "name": "CVE-2024-0553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
    },
    {
      "name": "CVE-2019-3011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3011"
    },
    {
      "name": "CVE-2022-44638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
    },
    {
      "name": "CVE-2025-37767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37767"
    },
    {
      "name": "CVE-2023-21871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
    },
    {
      "name": "CVE-2021-2356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
    },
    {
      "name": "CVE-2020-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2926"
    },
    {
      "name": "CVE-2017-3614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
    },
    {
      "name": "CVE-2020-14846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14846"
    },
    {
      "name": "CVE-2022-21249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21249"
    },
    {
      "name": "CVE-2024-21241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21241"
    },
    {
      "name": "CVE-2025-37989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37989"
    },
    {
      "name": "CVE-2021-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
    },
    {
      "name": "CVE-2019-2436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2436"
    },
    {
      "name": "CVE-2022-21265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21265"
    },
    {
      "name": "CVE-2022-21254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21254"
    },
    {
      "name": "CVE-2025-1009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1009"
    },
    {
      "name": "CVE-2025-9185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9185"
    },
    {
      "name": "CVE-2025-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
    },
    {
      "name": "CVE-2024-11695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695"
    },
    {
      "name": "CVE-2025-6433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6433"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2019-2513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2513"
    },
    {
      "name": "CVE-2025-32990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
    },
    {
      "name": "CVE-2020-14827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14827"
    },
    {
      "name": "CVE-2025-6427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6427"
    },
    {
      "name": "CVE-2019-2689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2689"
    },
    {
      "name": "CVE-2025-6430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6430"
    },
    {
      "name": "CVE-2019-2747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2747"
    },
    {
      "name": "CVE-2025-4092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4092"
    },
    {
      "name": "CVE-2025-9288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
    },
    {
      "name": "CVE-2020-2904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2904"
    },
    {
      "name": "CVE-2019-2998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2998"
    },
    {
      "name": "CVE-2024-50280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
    },
    {
      "name": "CVE-2021-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
    },
    {
      "name": "CVE-2021-35591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35591"
    },
    {
      "name": "CVE-2025-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2025-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0995"
    },
    {
      "name": "CVE-2025-6429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6429"
    },
    {
      "name": "CVE-2025-4802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
    },
    {
      "name": "CVE-2022-21455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21455"
    },
    {
      "name": "CVE-2024-11704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11704"
    },
    {
      "name": "CVE-2025-21994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
    },
    {
      "name": "CVE-2025-30684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
    },
    {
      "name": "CVE-2022-21413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21413"
    },
    {
      "name": "CVE-2022-0635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0635"
    },
    {
      "name": "CVE-2025-48989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
    },
    {
      "name": "CVE-2022-21372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21372"
    },
    {
      "name": "CVE-2018-3182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3182"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2020-12723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
    },
    {
      "name": "CVE-2023-22032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22032"
    },
    {
      "name": "CVE-2021-3521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
    },
    {
      "name": "CVE-2021-35637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35637"
    },
    {
      "name": "CVE-2022-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
    },
    {
      "name": "CVE-2025-1943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1943"
    },
    {
      "name": "CVE-2025-37768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37768"
    },
    {
      "name": "CVE-2025-5272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5272"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2025-32989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
    },
    {
      "name": "CVE-2021-20298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20298"
    },
    {
      "name": "CVE-2023-21887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2019-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2624"
    },
    {
      "name": "CVE-2021-22055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22055"
    },
    {
      "name": "CVE-2020-2812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2812"
    },
    {
      "name": "CVE-2022-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
    },
    {
      "name": "CVE-2025-6556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6556"
    },
    {
      "name": "CVE-2025-8262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8262"
    },
    {
      "name": "CVE-2024-28085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
    },
    {
      "name": "CVE-2025-1917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1917"
    },
    {
      "name": "CVE-2022-21256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21256"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-37970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
    },
    {
      "name": "CVE-2025-22066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
    },
    {
      "name": "CVE-2019-2687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2687"
    },
    {
      "name": "CVE-2025-8292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8292"
    },
    {
      "name": "CVE-2025-37905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37905"
    },
    {
      "name": "CVE-2025-0444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0444"
    },
    {
      "name": "CVE-2025-21579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
    },
    {
      "name": "CVE-2020-14845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14845"
    },
    {
      "name": "CVE-2025-22007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
    },
    {
      "name": "CVE-2024-34459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
    },
    {
      "name": "CVE-2025-38094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
    },
    {
      "name": "CVE-2024-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
    },
    {
      "name": "CVE-2025-49795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
    },
    {
      "name": "CVE-2022-21556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21556"
    },
    {
      "name": "CVE-2025-4372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4372"
    },
    {
      "name": "CVE-2024-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11691"
    },
    {
      "name": "CVE-2023-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
    },
    {
      "name": "CVE-2015-4775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
    },
    {
      "name": "CVE-2025-37967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
    },
    {
      "name": "CVE-2016-0694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
    },
    {
      "name": "CVE-2020-2896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2896"
    },
    {
      "name": "CVE-2021-2410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2410"
    },
    {
      "name": "CVE-2025-29088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29088"
    },
    {
      "name": "CVE-2021-46848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
    },
    {
      "name": "CVE-2025-6426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6426"
    },
    {
      "name": "CVE-2020-14800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14800"
    },
    {
      "name": "CVE-2025-6558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
    },
    {
      "name": "CVE-2025-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8035"
    },
    {
      "name": "CVE-2025-37885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37885"
    },
    {
      "name": "CVE-2025-38000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
    },
    {
      "name": "CVE-2025-22071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
    },
    {
      "name": "CVE-2025-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
    },
    {
      "name": "CVE-2025-37949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
    },
    {
      "name": "CVE-2024-56751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
    },
    {
      "name": "CVE-2023-21873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
    },
    {
      "name": "CVE-2021-2308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2308"
    },
    {
      "name": "CVE-2024-22365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
    },
    {
      "name": "CVE-2022-21368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21368"
    },
    {
      "name": "CVE-2023-20873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2024-46774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46774"
    },
    {
      "name": "CVE-2025-8579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8579"
    },
    {
      "name": "CVE-2021-2402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2402"
    },
    {
      "name": "CVE-2024-21236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21236"
    },
    {
      "name": "CVE-2025-22075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2024-11705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11705"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2025-38083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
    },
    {
      "name": "CVE-2023-21863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
    },
    {
      "name": "CVE-2020-2763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2763"
    },
    {
      "name": "CVE-2008-5728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5728"
    },
    {
      "name": "CVE-2025-6436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6436"
    },
    {
      "name": "CVE-2015-2583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
    },
    {
      "name": "CVE-2020-14852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14852"
    },
    {
      "name": "CVE-2019-2974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2974"
    },
    {
      "name": "CVE-2023-21876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
    },
    {
      "name": "CVE-2024-11702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11702"
    },
    {
      "name": "CVE-2024-2236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
    },
    {
      "name": "CVE-2023-4039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
    },
    {
      "name": "CVE-2025-45768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
    },
    {
      "name": "CVE-2025-8583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8583"
    },
    {
      "name": "CVE-2025-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4083"
    },
    {
      "name": "CVE-2020-14868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14868"
    },
    {
      "name": "CVE-2020-14814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14814"
    },
    {
      "name": "CVE-2025-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
    },
    {
      "name": "CVE-2020-14837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14837"
    },
    {
      "name": "CVE-2019-2644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2644"
    },
    {
      "name": "CVE-2025-1918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1918"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2020-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2589"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2021-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2036"
    },
    {
      "name": "CVE-2024-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21137"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2024-54458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
    },
    {
      "name": "CVE-2022-21417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
    },
    {
      "name": "CVE-2021-2479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2479"
    },
    {
      "name": "CVE-2025-22097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
    },
    {
      "name": "CVE-2024-21239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21239"
    },
    {
      "name": "CVE-2015-4783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
    },
    {
      "name": "CVE-2021-35629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35629"
    },
    {
      "name": "CVE-2020-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2814"
    },
    {
      "name": "CVE-2019-2922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2922"
    },
    {
      "name": "CVE-2015-4774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
    },
    {
      "name": "CVE-2025-37840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37840"
    },
    {
      "name": "CVE-2025-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0243"
    },
    {
      "name": "CVE-2024-26739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26739"
    },
    {
      "name": "CVE-2017-11164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
    },
    {
      "name": "CVE-2025-1935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1935"
    },
    {
      "name": "CVE-2018-3145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3145"
    },
    {
      "name": "CVE-2025-6425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6425"
    },
    {
      "name": "CVE-2025-26519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26519"
    },
    {
      "name": "CVE-2021-2340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2340"
    },
    {
      "name": "CVE-2024-35866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35866"
    },
    {
      "name": "CVE-2022-21437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21437"
    },
    {
      "name": "CVE-2022-21425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21425"
    },
    {
      "name": "CVE-2017-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
    },
    {
      "name": "CVE-2025-49124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
    },
    {
      "name": "CVE-2023-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
    },
    {
      "name": "CVE-2025-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3074"
    },
    {
      "name": "CVE-2022-21537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21537"
    },
    {
      "name": "CVE-2024-10487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10487"
    },
    {
      "name": "CVE-2019-2580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2580"
    },
    {
      "name": "CVE-2023-21867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
    },
    {
      "name": "CVE-2024-0727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
    },
    {
      "name": "CVE-2023-6378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
    },
    {
      "name": "CVE-2024-10041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
    },
    {
      "name": "CVE-2022-21547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21547"
    },
    {
      "name": "CVE-2024-49989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
    },
    {
      "name": "CVE-2019-2587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2587"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2022-34903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
    },
    {
      "name": "CVE-2025-8043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8043"
    },
    {
      "name": "CVE-2022-4899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
    },
    {
      "name": "CVE-2025-5270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5270"
    },
    {
      "name": "CVE-2021-35627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35627"
    },
    {
      "name": "CVE-2025-21956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
    },
    {
      "name": "CVE-2024-36908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36908"
    },
    {
      "name": "CVE-2019-2910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2910"
    },
    {
      "name": "CVE-2020-14539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14539"
    },
    {
      "name": "CVE-2025-37982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37982"
    },
    {
      "name": "CVE-2019-2593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2593"
    },
    {
      "name": "CVE-2025-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
    },
    {
      "name": "CVE-2025-37932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
    },
    {
      "name": "CVE-2022-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
    },
    {
      "name": "CVE-2023-21869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
    },
    {
      "name": "CVE-2025-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-1940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1940"
    },
    {
      "name": "CVE-2025-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
    },
    {
      "name": "CVE-2020-15366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
    },
    {
      "name": "CVE-2023-34969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
    },
    {
      "name": "CVE-2020-22916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
    },
    {
      "name": "CVE-2025-31672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
    },
    {
      "name": "CVE-2019-2963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2963"
    },
    {
      "name": "CVE-2021-2387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2387"
    },
    {
      "name": "CVE-2025-5916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
    },
    {
      "name": "CVE-2022-21348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21348"
    },
    {
      "name": "CVE-2025-30721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
    },
    {
      "name": "CVE-2020-14672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14672"
    },
    {
      "name": "CVE-2021-2293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2293"
    },
    {
      "name": "CVE-2025-37914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37914"
    },
    {
      "name": "CVE-2020-14830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14830"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-41232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
    },
    {
      "name": "CVE-2025-8010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8010"
    },
    {
      "name": "CVE-2021-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2370"
    },
    {
      "name": "CVE-2025-32988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
    },
    {
      "name": "CVE-2024-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
    },
    {
      "name": "CVE-2024-26461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
    },
    {
      "name": "CVE-2025-4082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4082"
    },
    {
      "name": "CVE-2021-35644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35644"
    },
    {
      "name": "CVE-2017-3604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
    },
    {
      "name": "CVE-2022-21592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
    },
    {
      "name": "CVE-2024-38828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2025-37794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37794"
    },
    {
      "name": "CVE-2025-8036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8036"
    },
    {
      "name": "CVE-2021-35631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35631"
    },
    {
      "name": "CVE-2023-4641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
    },
    {
      "name": "CVE-2025-1915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1915"
    },
    {
      "name": "CVE-2025-27113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2023-36054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
    },
    {
      "name": "CVE-2024-26458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
    },
    {
      "name": "CVE-2025-8032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8032"
    },
    {
      "name": "CVE-2022-23218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
    },
    {
      "name": "CVE-2025-23166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
    },
    {
      "name": "CVE-2019-10782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10782"
    },
    {
      "name": "CVE-2024-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11693"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2020-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14893"
    },
    {
      "name": "CVE-2021-35642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35642"
    },
    {
      "name": "CVE-2023-43787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
    },
    {
      "name": "CVE-2019-2948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2948"
    },
    {
      "name": "CVE-2023-43786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
    },
    {
      "name": "CVE-2021-2278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2278"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2019-2924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2924"
    },
    {
      "name": "CVE-2025-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3608"
    },
    {
      "name": "CVE-2021-2226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
    },
    {
      "name": "CVE-2021-25214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2025-24294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
    },
    {
      "name": "CVE-2020-2779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2779"
    },
    {
      "name": "CVE-2025-40909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
    },
    {
      "name": "CVE-2023-21836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
    },
    {
      "name": "CVE-2025-37836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37836"
    },
    {
      "name": "CVE-2025-6432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6432"
    },
    {
      "name": "CVE-2017-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
    },
    {
      "name": "CVE-2024-50258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
    },
    {
      "name": "CVE-2021-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
    },
    {
      "name": "CVE-2025-3029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3029"
    },
    {
      "name": "CVE-2025-1934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1934"
    },
    {
      "name": "CVE-2020-28500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
    },
    {
      "name": "CVE-2020-14794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14794"
    },
    {
      "name": "CVE-2019-2634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2634"
    },
    {
      "name": "CVE-2025-3034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3034"
    },
    {
      "name": "CVE-2024-42322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
    },
    {
      "name": "CVE-2023-22078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22078"
    },
    {
      "name": "CVE-2020-14786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14786"
    },
    {
      "name": "CVE-2023-21870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
    },
    {
      "name": "CVE-2024-46753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
    },
    {
      "name": "CVE-2025-9187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9187"
    },
    {
      "name": "CVE-2021-35638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35638"
    },
    {
      "name": "CVE-2022-21534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21534"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2024-38808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
    },
    {
      "name": "CVE-2025-9183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9183"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2008-5742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5742"
    },
    {
      "name": "CVE-2024-10466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10466"
    },
    {
      "name": "CVE-2021-20193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
    },
    {
      "name": "CVE-2025-37771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37771"
    },
    {
      "name": "CVE-2022-3358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
    },
    {
      "name": "CVE-2019-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2533"
    },
    {
      "name": "CVE-2025-4050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4050"
    },
    {
      "name": "CVE-2025-37998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2025-23163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23163"
    },
    {
      "name": "CVE-2022-35737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
    },
    {
      "name": "CVE-2020-14828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14828"
    },
    {
      "name": "CVE-2025-55668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
    },
    {
      "name": "CVE-2020-8203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
    },
    {
      "name": "CVE-2020-2759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2759"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2025-1937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1937"
    },
    {
      "name": "CVE-2020-14812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14812"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2025-9184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9184"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2022-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
    },
    {
      "name": "CVE-2025-1014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1014"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2025-1013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1013"
    },
    {
      "name": "CVE-2023-31437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
    },
    {
      "name": "CVE-2023-47039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
    },
    {
      "name": "CVE-2025-37757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37757"
    },
    {
      "name": "CVE-2023-21879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
    },
    {
      "name": "CVE-2025-22063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
    },
    {
      "name": "CVE-2025-38177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
    },
    {
      "name": "CVE-2025-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0762"
    },
    {
      "name": "CVE-2016-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
    },
    {
      "name": "CVE-2023-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
    },
    {
      "name": "CVE-2024-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694"
    },
    {
      "name": "CVE-2023-29383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
    },
    {
      "name": "CVE-2020-2573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2573"
    },
    {
      "name": "CVE-2023-37769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
    },
    {
      "name": "CVE-2022-21444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
    },
    {
      "name": "CVE-2025-1018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1018"
    },
    {
      "name": "CVE-2020-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2806"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2025-38009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2020-14838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14838"
    },
    {
      "name": "CVE-2019-2791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2791"
    },
    {
      "name": "CVE-2025-30687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
    },
    {
      "name": "CVE-2024-2397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2397"
    },
    {
      "name": "CVE-2022-21378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21378"
    },
    {
      "name": "CVE-2025-8040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8040"
    },
    {
      "name": "CVE-2024-10465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10465"
    },
    {
      "name": "CVE-2021-35942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
    },
    {
      "name": "CVE-2025-46701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
    },
    {
      "name": "CVE-2025-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5068"
    },
    {
      "name": "CVE-2025-38001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
    },
    {
      "name": "CVE-2025-32415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2025-37817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37817"
    },
    {
      "name": "CVE-2019-2815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2815"
    },
    {
      "name": "CVE-2025-37838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37838"
    },
    {
      "name": "CVE-2021-2440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2440"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2019-2695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2695"
    },
    {
      "name": "CVE-2021-35634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35634"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2021-2304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2304"
    },
    {
      "name": "CVE-2024-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
    },
    {
      "name": "CVE-2016-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
    },
    {
      "name": "CVE-2021-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
    },
    {
      "name": "CVE-2025-37749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2018-3285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3285"
    },
    {
      "name": "CVE-2019-2738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2738"
    },
    {
      "name": "CVE-2025-1017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1017"
    },
    {
      "name": "CVE-2020-14821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14821"
    },
    {
      "name": "CVE-2024-38541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
    },
    {
      "name": "CVE-2021-2169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
    },
    {
      "name": "CVE-2025-22235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
    },
    {
      "name": "CVE-2023-22084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
    },
    {
      "name": "CVE-2020-2572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2572"
    },
    {
      "name": "CVE-2020-2570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2570"
    },
    {
      "name": "CVE-2025-37756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
    },
    {
      "name": "CVE-2021-2060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2060"
    },
    {
      "name": "CVE-2021-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2417"
    },
    {
      "name": "CVE-2025-3035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3035"
    },
    {
      "name": "CVE-2025-37994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
    },
    {
      "name": "CVE-2025-7339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
    },
    {
      "name": "CVE-2018-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3212"
    },
    {
      "name": "CVE-2020-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2895"
    },
    {
      "name": "CVE-2025-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2022-21569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21569"
    },
    {
      "name": "CVE-2020-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2925"
    },
    {
      "name": "CVE-2021-33574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
    },
    {
      "name": "CVE-2024-38540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2019-2636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2636"
    },
    {
      "name": "CVE-2019-18276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
    },
    {
      "name": "CVE-2025-6424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6424"
    },
    {
      "name": "CVE-2021-3326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
    },
    {
      "name": "CVE-2021-35622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35622"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-21523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
    },
    {
      "name": "CVE-2025-32414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2025-1914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1914"
    },
    {
      "name": "CVE-2025-8029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8029"
    },
    {
      "name": "CVE-2025-5067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5067"
    },
    {
      "name": "CVE-2025-37858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37858"
    },
    {
      "name": "CVE-2023-40403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
    },
    {
      "name": "CVE-2021-2212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2212"
    },
    {
      "name": "CVE-2019-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2691"
    },
    {
      "name": "CVE-2021-2232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2232"
    },
    {
      "name": "CVE-2019-2812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2812"
    },
    {
      "name": "CVE-2025-9132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9132"
    },
    {
      "name": "CVE-2021-35643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35643"
    },
    {
      "name": "CVE-2021-35938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
    },
    {
      "name": "CVE-2025-30704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
    },
    {
      "name": "CVE-2021-2478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2478"
    },
    {
      "name": "CVE-2025-37780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37780"
    },
    {
      "name": "CVE-2025-37995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
    },
    {
      "name": "CVE-2020-16156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
    },
    {
      "name": "CVE-2025-23156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23156"
    },
    {
      "name": "CVE-2025-23157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23157"
    },
    {
      "name": "CVE-2025-8038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8038"
    },
    {
      "name": "CVE-2022-21344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
    },
    {
      "name": "CVE-2021-2481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2481"
    },
    {
      "name": "CVE-2022-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
    },
    {
      "name": "CVE-2019-2739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2739"
    },
    {
      "name": "CVE-2015-2214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2214"
    },
    {
      "name": "CVE-2025-37808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37808"
    },
    {
      "name": "CVE-2017-3606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
    },
    {
      "name": "CVE-2023-20883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2019-2968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2968"
    },
    {
      "name": "CVE-2023-22053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22053"
    },
    {
      "name": "CVE-2025-0438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0438"
    },
    {
      "name": "CVE-2021-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25219"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2025-21963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2024-26462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
    },
    {
      "name": "CVE-2020-14776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14776"
    },
    {
      "name": "CVE-2025-30693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
    },
    {
      "name": "CVE-2025-21585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
    },
    {
      "name": "CVE-2024-42230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
    },
    {
      "name": "CVE-2025-5283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
    },
    {
      "name": "CVE-2022-21367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
    },
    {
      "name": "CVE-2025-37997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2019-2688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2688"
    },
    {
      "name": "CVE-2020-14860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14860"
    },
    {
      "name": "CVE-2025-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
    },
    {
      "name": "CVE-2025-0395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2023-4320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4320"
    },
    {
      "name": "CVE-2025-1922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1922"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2015-4786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
    },
    {
      "name": "CVE-2025-0437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0437"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2022-40304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
    },
    {
      "name": "CVE-2023-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
    },
    {
      "name": "CVE-2025-8028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8028"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-49709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49709"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2024-11706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11706"
    },
    {
      "name": "CVE-2025-4051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4051"
    },
    {
      "name": "CVE-2025-7424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
    },
    {
      "name": "CVE-2017-12629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
    },
    {
      "name": "CVE-2021-35645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35645"
    },
    {
      "name": "CVE-2020-2780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2780"
    },
    {
      "name": "CVE-2025-37805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37805"
    },
    {
      "name": "CVE-2025-5063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5063"
    },
    {
      "name": "CVE-2018-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3195"
    },
    {
      "name": "CVE-2025-3071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3071"
    },
    {
      "name": "CVE-2024-50073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
    },
    {
      "name": "CVE-2020-14567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14567"
    },
    {
      "name": "CVE-2019-2539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2539"
    },
    {
      "name": "CVE-2022-21525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21525"
    },
    {
      "name": "CVE-2025-37990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37990"
    },
    {
      "name": "CVE-2022-21352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21352"
    },
    {
      "name": "CVE-2025-53864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
    },
    {
      "name": "CVE-2025-22089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
    },
    {
      "name": "CVE-2025-8011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8011"
    },
    {
      "name": "CVE-2025-0436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0436"
    },
    {
      "name": "CVE-2023-22114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22114"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2021-27645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
    },
    {
      "name": "CVE-2025-37862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37862"
    },
    {
      "name": "CVE-2024-28835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
    },
    {
      "name": "CVE-2025-0447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0447"
    },
    {
      "name": "CVE-2021-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2213"
    },
    {
      "name": "CVE-2025-49796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
    },
    {
      "name": "CVE-2025-8058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
    },
    {
      "name": "CVE-2024-21209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21209"
    },
    {
      "name": "CVE-2025-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8033"
    },
    {
      "name": "CVE-2021-22570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
    },
    {
      "name": "CVE-2025-37839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37839"
    },
    {
      "name": "CVE-2025-37913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37913"
    },
    {
      "name": "CVE-2023-22097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22097"
    },
    {
      "name": "CVE-2020-2765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2765"
    },
    {
      "name": "CVE-2020-14791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14791"
    },
    {
      "name": "CVE-2023-21880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
    },
    {
      "name": "CVE-2025-8732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
    },
    {
      "name": "CVE-2025-8030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8030"
    },
    {
      "name": "CVE-2024-11696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696"
    },
    {
      "name": "CVE-2025-22008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
    },
    {
      "name": "CVE-2023-21912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
    },
    {
      "name": "CVE-2008-5730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5730"
    },
    {
      "name": "CVE-2021-2217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2217"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2025-3073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3073"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2019-9658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9658"
    },
    {
      "name": "CVE-2025-6191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6191"
    },
    {
      "name": "CVE-2025-21581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
    },
    {
      "name": "CVE-2022-21454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
    },
    {
      "name": "CVE-2025-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
    },
    {
      "name": "CVE-2018-1196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1196"
    },
    {
      "name": "CVE-2022-21427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
    },
    {
      "name": "CVE-2024-35943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
    },
    {
      "name": "CVE-2025-5271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5271"
    },
    {
      "name": "CVE-2022-21374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21374"
    },
    {
      "name": "CVE-2021-35630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35630"
    },
    {
      "name": "CVE-2025-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6554"
    },
    {
      "name": "CVE-2025-5266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5266"
    },
    {
      "name": "CVE-2023-39615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
    },
    {
      "name": "CVE-2023-52757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
    },
    {
      "name": "CVE-2017-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
    },
    {
      "name": "CVE-2023-31486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
    },
    {
      "name": "CVE-2025-41242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
    },
    {
      "name": "CVE-2025-37851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37851"
    },
    {
      "name": "CVE-2020-14553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14553"
    },
    {
      "name": "CVE-2025-8031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8031"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2022-21462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21462"
    },
    {
      "name": "CVE-2019-2584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2584"
    },
    {
      "name": "CVE-2025-22054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
    },
    {
      "name": "CVE-2019-2635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2635"
    },
    {
      "name": "CVE-2025-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
    },
    {
      "name": "CVE-2022-21478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21478"
    },
    {
      "name": "CVE-2025-29087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29087"
    },
    {
      "name": "CVE-2019-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2693"
    },
    {
      "name": "CVE-2025-21991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
    },
    {
      "name": "CVE-2025-22086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
    },
    {
      "name": "CVE-2019-2741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2741"
    },
    {
      "name": "CVE-2025-46392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
    },
    {
      "name": "CVE-2020-27618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
    },
    {
      "name": "CVE-2022-21370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21370"
    },
    {
      "name": "CVE-2021-2372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
    },
    {
      "name": "CVE-2023-6246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
    },
    {
      "name": "CVE-2021-2426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2426"
    },
    {
      "name": "CVE-2025-22073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
    },
    {
      "name": "CVE-2025-37788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37788"
    },
    {
      "name": "CVE-2025-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1936"
    },
    {
      "name": "CVE-2025-5958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5958"
    },
    {
      "name": "CVE-2022-23219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
    },
    {
      "name": "CVE-2019-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2950"
    },
    {
      "name": "CVE-2025-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0238"
    },
    {
      "name": "CVE-2015-2640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
    },
    {
      "name": "CVE-2025-30685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
    },
    {
      "name": "CVE-2021-35641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35641"
    },
    {
      "name": "CVE-2025-2476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
    },
    {
      "name": "CVE-2019-2620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2620"
    },
    {
      "name": "CVE-2025-30695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
    },
    {
      "name": "CVE-2025-30688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
    },
    {
      "name": "CVE-2025-37881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37881"
    },
    {
      "name": "CVE-2025-21588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21588"
    },
    {
      "name": "CVE-2019-2960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2960"
    },
    {
      "name": "CVE-2025-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0998"
    },
    {
      "name": "CVE-2022-21459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21459"
    },
    {
      "name": "CVE-2023-27537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
    },
    {
      "name": "CVE-2025-37909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37909"
    },
    {
      "name": "CVE-2019-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2795"
    },
    {
      "name": "CVE-2021-2011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2011"
    },
    {
      "name": "CVE-2022-21412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21412"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2022-21245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
    },
    {
      "name": "CVE-2025-21962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2025-37812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37812"
    },
    {
      "name": "CVE-2020-2584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2584"
    },
    {
      "name": "CVE-2025-37875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37875"
    },
    {
      "name": "CVE-2023-42366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
    },
    {
      "name": "CVE-2019-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2834"
    },
    {
      "name": "CVE-2020-14775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14775"
    },
    {
      "name": "CVE-2022-21438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21438"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2020-14760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14760"
    },
    {
      "name": "CVE-2021-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2383"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2025-22079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
    },
    {
      "name": "CVE-2022-21546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21546"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2025-1923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1923"
    },
    {
      "name": "CVE-2025-22227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
    },
    {
      "name": "CVE-2021-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2022-21339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21339"
    },
    {
      "name": "CVE-2025-23140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23140"
    },
    {
      "name": "CVE-2025-23150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
    },
    {
      "name": "CVE-2025-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1938"
    },
    {
      "name": "CVE-2023-22059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22059"
    },
    {
      "name": "CVE-2020-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2923"
    },
    {
      "name": "CVE-2025-4919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4919"
    },
    {
      "name": "CVE-2019-2681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2681"
    },
    {
      "name": "CVE-2022-48303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
    },
    {
      "name": "CVE-2025-0240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0240"
    },
    {
      "name": "CVE-2023-22066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22066"
    },
    {
      "name": "CVE-2021-43618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
    },
    {
      "name": "CVE-2019-2757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2757"
    },
    {
      "name": "CVE-2020-14848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14848"
    },
    {
      "name": "CVE-2018-3280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3280"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2020-2924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2924"
    },
    {
      "name": "CVE-2025-8576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8576"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2025-1012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1012"
    },
    {
      "name": "CVE-2025-21964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
    },
    {
      "name": "CVE-2024-0567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
    },
    {
      "name": "CVE-2025-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
    },
    {
      "name": "CVE-2025-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5267"
    },
    {
      "name": "CVE-2022-27772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27772"
    },
    {
      "name": "CVE-2025-23148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23148"
    },
    {
      "name": "CVE-2023-31438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
    },
    {
      "name": "CVE-2025-6555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6555"
    },
    {
      "name": "CVE-2022-0396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0396"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2025-0245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0245"
    },
    {
      "name": "CVE-2019-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2830"
    },
    {
      "name": "CVE-2021-35633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35633"
    },
    {
      "name": "CVE-2024-10462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10462"
    },
    {
      "name": "CVE-2023-22068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22068"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2020-14867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14867"
    },
    {
      "name": "CVE-2025-23147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23147"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0756",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36093",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36093"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36102",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36102"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36101",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36101"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36100",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36100"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36105",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36105"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36091",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36091"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36078",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36078"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36107",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36107"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36094",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36094"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36097",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36097"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-46",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36104"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36108",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36108"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36095",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36095"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-09",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36090"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36096",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36096"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36106",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36106"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36109",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36109"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36098",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36098"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36111"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36103",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36103"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36099",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36099"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36092",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36092"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36110",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36110"
    }
  ]
}

CERTFR-2025-AVI-0855

Vulnerability from certfr_avis - Published: 2025-10-09 - Updated: 2025-10-09

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 24.4 antérieures à 24.4R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 22.4R3-S8-EVO
Juniper Networks	Junos OS	Junos OS versions 23.4 antérieures à 23.4R2-S5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S4-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 22.4R3-S8
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-S2-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.4-EVO antérieures à 24.4R2-EVO
Juniper Networks	Junos Space	Junos Space versions antérieures à 24.1R4
Juniper Networks	Security Director	Security Director Policy Enforcer versions antérieures à 23.1R1 Hotpatch v3
Juniper Networks	Junos Space	Junos Space Security Director versions antérieures à 24.1R4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-S5-EVO
Juniper Networks	Junos OS	Junos OS versions 23.2 antérieures à 23.2R2-S4
Juniper Networks	Junos OS	Junos OS versions 24.2 antérieures à 24.2R2-S1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA103140	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103141	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103163	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103168	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103171	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103167	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103156	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103437	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103172	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103157	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103170	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103139	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103151	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103153	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103147	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103144	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103143	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103146	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103138	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103165	2025-10-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 24.4 ant\u00e9rieures \u00e0 24.4R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions  ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 22.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.4-EVO ant\u00e9rieures \u00e0 24.4R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R4",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 23.1R1 Hotpatch v3",
      "product": {
        "name": "Security Director",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R4",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S5-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
    },
    {
      "name": "CVE-2024-36903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
    },
    {
      "name": "CVE-2023-44431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44431"
    },
    {
      "name": "CVE-2021-47606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
    },
    {
      "name": "CVE-2025-59993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59993"
    },
    {
      "name": "CVE-2025-59997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59997"
    },
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2025-59995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59995"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2023-28466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
    },
    {
      "name": "CVE-2024-36921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
    },
    {
      "name": "CVE-2025-59986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59986"
    },
    {
      "name": "CVE-2025-60009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60009"
    },
    {
      "name": "CVE-2025-59989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59989"
    },
    {
      "name": "CVE-2024-26897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
    },
    {
      "name": "CVE-2023-46103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2023-2235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
    },
    {
      "name": "CVE-2025-59999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59999"
    },
    {
      "name": "CVE-2025-59994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59994"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2025-59967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59967"
    },
    {
      "name": "CVE-2022-24805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2023-3390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
    },
    {
      "name": "CVE-2024-37356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
    },
    {
      "name": "CVE-2024-47538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
    },
    {
      "name": "CVE-2023-4004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
    },
    {
      "name": "CVE-2024-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
    },
    {
      "name": "CVE-2025-59991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59991"
    },
    {
      "name": "CVE-2024-5564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
    },
    {
      "name": "CVE-2024-26600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2023-52864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
    },
    {
      "name": "CVE-2025-26600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26600"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2024-27280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
    },
    {
      "name": "CVE-2024-36929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
    },
    {
      "name": "CVE-2023-35788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
    },
    {
      "name": "CVE-2025-59982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59982"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2023-43785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
    },
    {
      "name": "CVE-2024-30205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
    },
    {
      "name": "CVE-2018-17247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17247"
    },
    {
      "name": "CVE-2025-60004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60004"
    },
    {
      "name": "CVE-2023-51594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51594"
    },
    {
      "name": "CVE-2024-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
    },
    {
      "name": "CVE-2023-50229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50229"
    },
    {
      "name": "CVE-2025-59974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59974"
    },
    {
      "name": "CVE-2025-26598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26598"
    },
    {
      "name": "CVE-2018-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
    },
    {
      "name": "CVE-2024-40928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40928"
    },
    {
      "name": "CVE-2024-43398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
    },
    {
      "name": "CVE-2024-8508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
    },
    {
      "name": "CVE-2024-36020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2025-59981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59981"
    },
    {
      "name": "CVE-2023-31248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31248"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2024-30203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
    },
    {
      "name": "CVE-2023-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
    },
    {
      "name": "CVE-2024-35937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
    },
    {
      "name": "CVE-2025-59968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59968"
    },
    {
      "name": "CVE-2023-51592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51592"
    },
    {
      "name": "CVE-2025-59990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59990"
    },
    {
      "name": "CVE-2021-22146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22146"
    },
    {
      "name": "CVE-2025-59978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59978"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-36017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
    },
    {
      "name": "CVE-2024-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
    },
    {
      "name": "CVE-2024-27434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
    },
    {
      "name": "CVE-2023-47038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
    },
    {
      "name": "CVE-2024-35852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
    },
    {
      "name": "CVE-2024-38558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
    },
    {
      "name": "CVE-2025-59992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59992"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2021-41072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
    },
    {
      "name": "CVE-2025-60000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60000"
    },
    {
      "name": "CVE-2022-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
    },
    {
      "name": "CVE-2024-47607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
    },
    {
      "name": "CVE-2024-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2023-45866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
    },
    {
      "name": "CVE-2023-27349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27349"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2015-5377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5377"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2022-24810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
    },
    {
      "name": "CVE-2024-33621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2025-60001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60001"
    },
    {
      "name": "CVE-2024-5742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5742"
    },
    {
      "name": "CVE-2023-50230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50230"
    },
    {
      "name": "CVE-2025-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52960"
    },
    {
      "name": "CVE-2024-36922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
    },
    {
      "name": "CVE-2025-59996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59996"
    },
    {
      "name": "CVE-2024-39487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2023-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
    },
    {
      "name": "CVE-2024-35911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35911"
    },
    {
      "name": "CVE-2025-59957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59957"
    },
    {
      "name": "CVE-2025-59958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59958"
    },
    {
      "name": "CVE-2021-41043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
    },
    {
      "name": "CVE-2018-17244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17244"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2024-39908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
    },
    {
      "name": "CVE-2025-26597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26597"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2024-41946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
    },
    {
      "name": "CVE-2023-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
    },
    {
      "name": "CVE-2024-42934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42934"
    },
    {
      "name": "CVE-2023-51580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51580"
    },
    {
      "name": "CVE-2024-35848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
    },
    {
      "name": "CVE-2024-27417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
    },
    {
      "name": "CVE-2023-21102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21102"
    },
    {
      "name": "CVE-2024-27281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
    },
    {
      "name": "CVE-2025-59983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59983"
    },
    {
      "name": "CVE-2024-36941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
    },
    {
      "name": "CVE-2024-2236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
    },
    {
      "name": "CVE-2024-38428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
    },
    {
      "name": "CVE-2024-35969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2025-60006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60006"
    },
    {
      "name": "CVE-2024-36489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
    },
    {
      "name": "CVE-2015-1427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"
    },
    {
      "name": "CVE-2024-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
    },
    {
      "name": "CVE-2024-35899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
    },
    {
      "name": "CVE-2024-35823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2024-9632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9632"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2025-26595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26595"
    },
    {
      "name": "CVE-2024-26868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26868"
    },
    {
      "name": "CVE-2023-43787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
    },
    {
      "name": "CVE-2023-43786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
    },
    {
      "name": "CVE-2024-8235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8235"
    },
    {
      "name": "CVE-2023-4147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4147"
    },
    {
      "name": "CVE-2025-59977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59977"
    },
    {
      "name": "CVE-2023-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
    },
    {
      "name": "CVE-2023-3610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
    },
    {
      "name": "CVE-2025-26596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26596"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2022-48622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
    },
    {
      "name": "CVE-2021-42550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2024-26828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
    },
    {
      "name": "CVE-2025-59998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59998"
    },
    {
      "name": "CVE-2024-26808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
    },
    {
      "name": "CVE-2024-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
    },
    {
      "name": "CVE-2025-60002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60002"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2024-27282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
    },
    {
      "name": "CVE-2018-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3831"
    },
    {
      "name": "CVE-2023-43490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
    },
    {
      "name": "CVE-2025-59976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59976"
    },
    {
      "name": "CVE-2025-59980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59980"
    },
    {
      "name": "CVE-2025-26599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26599"
    },
    {
      "name": "CVE-2024-47615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
    },
    {
      "name": "CVE-2018-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3823"
    },
    {
      "name": "CVE-2023-22655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
    },
    {
      "name": "CVE-2024-6126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6126"
    },
    {
      "name": "CVE-2023-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
    },
    {
      "name": "CVE-2023-39368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2024-26853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
    },
    {
      "name": "CVE-2025-59975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59975"
    },
    {
      "name": "CVE-2025-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
    },
    {
      "name": "CVE-2025-59987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59987"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2018-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3826"
    },
    {
      "name": "CVE-2025-26601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26601"
    },
    {
      "name": "CVE-2024-52337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
    },
    {
      "name": "CVE-2025-59985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59985"
    },
    {
      "name": "CVE-2025-11198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11198"
    },
    {
      "name": "CVE-2022-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
    },
    {
      "name": "CVE-2023-32233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
    },
    {
      "name": "CVE-2024-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
    },
    {
      "name": "CVE-2024-26327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26327"
    },
    {
      "name": "CVE-2015-3253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
    },
    {
      "name": "CVE-2025-59964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59964"
    },
    {
      "name": "CVE-2025-59988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59988"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2024-34397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
    },
    {
      "name": "CVE-2023-45733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
    },
    {
      "name": "CVE-2021-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
    },
    {
      "name": "CVE-2024-6655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6655"
    },
    {
      "name": "CVE-2024-41123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
    },
    {
      "name": "CVE-2024-27049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
    },
    {
      "name": "CVE-2025-59984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59984"
    },
    {
      "name": "CVE-2025-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52961"
    },
    {
      "name": "CVE-2023-51589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51589"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2021-3903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3903"
    },
    {
      "name": "CVE-2024-35800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35800"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2023-51596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51596"
    },
    {
      "name": "CVE-2025-60010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60010"
    },
    {
      "name": "CVE-2023-51764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51764"
    },
    {
      "name": "CVE-2025-26594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26594"
    },
    {
      "name": "CVE-2024-6409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6409"
    },
    {
      "name": "CVE-2024-49761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    },
    {
      "name": "CVE-2025-59962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59962"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2024-40961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
    }
  ],
  "initial_release_date": "2025-10-09T00:00:00",
  "last_revision_date": "2025-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0855",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103140",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-XSS-vulnerabilities-resolved-in-24-1R4-release"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103141",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103163",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103168",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103171",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Reflected-client-side-HTTP-parameter-pollution-vulnerability-in-web-interface-CVE-2025-59977"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103167",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103156",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103437",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Security-Director-Policy-Enforcer-An-unrestricted-API-allows-a-network-based-unauthenticated-attacker-to-deploy-malicious-vSRX-images-to-VMWare-NSX-Server-CVE-2025-11198"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103172",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Flooding-device-with-inbound-API-calls-leads-to-WebUI-and-CLI-management-access-DoS-CVE-2025-59975"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103157",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-sensitive-resources-in-web-interface-CVE-2025-59968"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103170",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Arbitrary-file-download-vulnerability-in-web-interface-CVE-2025-59976"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103139",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103151",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103153",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103147",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103144",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103143",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103146",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103138",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103165",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004"
    }
  ]
}

CERTFR-2021-AVI-951

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat	N/A	Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64
SolarWinds	Platform	Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
Red Hat	N/A	Red Hat Integration Text-Only Advisories x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
Red Hat	N/A	Red Hat Openshift Application Runtimes Text-Only Advisories x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
Red Hat	N/A	Red Hat Integration - Camel K 1 x86_64
SolarWinds	Platform	Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat	N/A	Red Hat Fuse 1 x86_64
SolarWinds	Platform	Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
Red Hat	N/A	Red Hat JBoss Data Grid Text-Only Advisories x86_64

References

Title

Publication Time

Tags

Bulletin de sécurité RedHat RHSA-2021:5130 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHBA-2021:5114 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5138 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5132 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5126 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5134 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5133 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5108 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5093 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2021:5101 du 14 décembre 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux Server - AUS 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - TUS 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le",
      "product": {
        "name": "Platform",
        "vendor": {
          "name": "SolarWinds",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Integration Text-Only Advisories x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Openshift Application Runtimes Text-Only Advisories x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Integration - Camel K 1 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64",
      "product": {
        "name": "Platform",
        "vendor": {
          "name": "SolarWinds",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Fuse 1 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x",
      "product": {
        "name": "Platform",
        "vendor": {
          "name": "SolarWinds",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat JBoss Data Grid Text-Only Advisories x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
    },
    {
      "name": "CVE-2020-27218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
    },
    {
      "name": "CVE-2021-21343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2021-21409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
    },
    {
      "name": "CVE-2021-22118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22118"
    },
    {
      "name": "CVE-2020-2875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
    },
    {
      "name": "CVE-2021-3536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3536"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2021-21348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
    },
    {
      "name": "CVE-2020-11988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11988"
    },
    {
      "name": "CVE-2020-35510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35510"
    },
    {
      "name": "CVE-2021-45606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45606"
    },
    {
      "name": "CVE-2020-2934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
    },
    {
      "name": "CVE-2021-21344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
    },
    {
      "name": "CVE-2020-26259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
    },
    {
      "name": "CVE-2021-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3597"
    },
    {
      "name": "CVE-2021-28170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28170"
    },
    {
      "name": "CVE-2021-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
    },
    {
      "name": "CVE-2020-13949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2021-3690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
    },
    {
      "name": "CVE-2020-17521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
    },
    {
      "name": "CVE-2021-22696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
    },
    {
      "name": "CVE-2021-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2020-9488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
    },
    {
      "name": "CVE-2021-21347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
    },
    {
      "name": "CVE-2021-27568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
    },
    {
      "name": "CVE-2020-26217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
    },
    {
      "name": "CVE-2021-37136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
    },
    {
      "name": "CVE-2021-23926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
    },
    {
      "name": "CVE-2019-10744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2021-21346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
    },
    {
      "name": "CVE-2021-30468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
    },
    {
      "name": "CVE-2021-21351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
    },
    {
      "name": "CVE-2021-21345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
    },
    {
      "name": "CVE-2020-28491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2021-37714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
    },
    {
      "name": "CVE-2019-12415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
    },
    {
      "name": "CVE-2021-20218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20218"
    },
    {
      "name": "CVE-2020-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27782"
    },
    {
      "name": "CVE-2021-30129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
    },
    {
      "name": "CVE-2020-17527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
    },
    {
      "name": "CVE-2021-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2020-13943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13943"
    },
    {
      "name": "CVE-2020-15522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
    },
    {
      "name": "CVE-2021-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
    },
    {
      "name": "CVE-2020-11987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11987"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2021-21342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
    },
    {
      "name": "CVE-2021-3629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3629"
    },
    {
      "name": "CVE-2021-21350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5101 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHBA-2021:5101"
    }
  ],
  "reference": "CERTFR-2021-AVI-951",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRedHat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5130 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5130"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHBA-2021:5114 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHBA-2021:5114"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5138 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5138"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5132 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5132"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5126 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5126"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5134 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5134"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5133 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5133"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5108 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5108"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5093 du 14 d\u00e9cembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:5093"
    }
  ]
}

CERTFR-2022-AVI-526

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.7 sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 versions 10.5.x antérieures à 10.5 FP11
IBM	Db2	IBM Db2 versions 11.1.x antérieures à 11.1.4 FP6
IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.6 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6528672 du 06 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6528678 du 07 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6526462 du 06 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.7 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 10.5.x ant\u00e9rieures \u00e0 10.5 FP11",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP6",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.6 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-526",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6528672 du 06 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6528672"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6528678 du 07 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6528678"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6526462 du 06 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6526462"
    }
  ]
}

CERTFR-2022-AVI-124

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Système affecté	Lien vers l'avis éditeur
Advantage Navigator Energy & Sustainability	Lien
Advantage Navigator Software Proxy V6	Lien
Building Operator Discovery Distribution for the Connect X200 Gateway	Lien
Building Operator Discovery Distribution for the Connect X300 Gateway	Lien
Building Twin - 360° Viewer	Lien
Capital	Lien
Cerberus DMS	Lien
CloudConnect 712	Lien
COMOS	Lien
COMOS V10.2	Lien
COMOS V10.3	Lien
COMOS V10.4	Lien
cRSP Operator Client Starter	Lien
cRSP	Lien
Desigo CC	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
E-Car OC Cloud Application	Lien
Energy Engage	Lien
EnergyIP Prepay V3.7	Lien
EnergyIP Prepay V3.8	Lien
EnergyIP	Lien
Enlighted Amaze	Lien
Enlighted Where	Lien
Geolus Shape Search V10	Lien
Geolus Shape Search V11	Lien
GMA-Manager	Lien
HEEDS Connect	Lien
HES UDIS	Lien
IE/AS-i Link PN IO	Lien
IE/PB-Link (incl. SIPLUS NET variants)	Lien
IE/PB LINK PN IO (incl. SIPLUS NET variants)	Lien
Industrial Edge Hub	Lien
Industrial Edge Management App (IEM-App)	Lien
Industrial Edge Management OS (IEM-OS)	Lien
jROS for Spectrum Power 4	Lien
jROS for Spectrum Power 7	Lien
JT2Go	Lien
KTK ATE530S	Lien
LOGO! CMR2020	Lien
LOGO! CMR2040	Lien
Mendix Applications	Lien
MindSphere App Management Cockpits (Developer& Operator)	Lien
MindSphere Asset Manager	Lien
Mindsphere Cloud Foundry	Lien
Mindsphere Cloud Platform	Lien
MindSphere IAM (User Management/ Settings)	Lien
MindSphere Integrated Data Lake	Lien
MindSphere Notification Service	Lien
MindSphere Predictive Learning	Lien
MindSphere Usage Transparency Service	Lien
MindSphere Visual Explorer	Lien
NXpower Monitor	Lien
NX	Lien
Opcenter EX CP Process Automation Control	Lien
Opcenter Execution Core Process Automation Control	Lien
Opcenter Intelligence	Lien
Operation Scheduler	Lien
PROFINET Driver for Controller	Lien
PSS(R)CAPE	Lien
RFID 181EIP	Lien
ROX II	Lien
RUGGEDCOM APE1404 Linux	Lien
RUGGEDCOM CROSSBOW Station Access Controller	Lien
RUGGEDCOM RCM1224	Lien
RUGGEDCOM RM1224 LTE(4G) EU	Lien
RUGGEDCOM RM1224 LTE(4G) EU	Lien
RUGGEDCOM RM1224 LTE(4G) NAM	Lien
RUGGEDCOM RM1224 LTE(4G) NAM	Lien
RUGGEDCOM RM1224	Lien
RUGGEDCOM RM1224	Lien
RUGGEDCOM RM1224	Lien
RUGGEDCOM ROX MX5000RE	Lien
RUGGEDCOM ROX MX5000	Lien
RUGGEDCOM ROX RX1400	Lien
RUGGEDCOM ROX RX1500	Lien
RUGGEDCOM ROX RX1501	Lien
RUGGEDCOM ROX RX1510	Lien
RUGGEDCOM ROX RX1511	Lien
RUGGEDCOM ROX RX1512	Lien
RUGGEDCOM ROX RX1524	Lien
RUGGEDCOM ROX RX1536	Lien
RUGGEDCOM ROX RX5000	Lien
RUGGEDCOM RX1400 VPE Debian Linux	Lien
RUGGEDCOM RX1400 VPE Linux CloudConnect	Lien
SCALANCE LPE9403	Lien
SCALANCE M-800 / S615	Lien
SCALANCE M-800	Lien
SCALANCE M804PB	Lien
SCALANCE M804PB	Lien
SCALANCE M804PB	Lien
SCALANCE M804PB	Lien
SCALANCE M804PB	Lien
SCALANCE M812-1 ADSL-Router (Annex A)	Lien
SCALANCE M812-1 ADSL-Router (Annex A)	Lien
SCALANCE M812-1 ADSL-Router (Annex A)	Lien
SCALANCE M812-1 ADSL-Router (Annex A)	Lien
SCALANCE M812-1 ADSL-Router (Annex B)	Lien
SCALANCE M812-1 ADSL-Router (Annex B)	Lien
SCALANCE M812-1 ADSL-Router (Annex B)	Lien
SCALANCE M812-1 ADSL-Router (Annex B)	Lien
SCALANCE M812-1 ADSL-Router	Lien
SCALANCE M816-1 ADSL-Router (Annex A)	Lien
SCALANCE M816-1 ADSL-Router (Annex A)	Lien
SCALANCE M816-1 ADSL-Router (Annex A)	Lien
SCALANCE M816-1 ADSL-Router (Annex A)	Lien
SCALANCE M816-1 ADSL-Router (Annex B)	Lien
SCALANCE M816-1 ADSL-Router (Annex B)	Lien
SCALANCE M816-1 ADSL-Router (Annex B)	Lien
SCALANCE M816-1 ADSL-Router (Annex B)	Lien
SCALANCE M816-1 ADSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M874-2	Lien
SCALANCE M874-2	Lien
SCALANCE M874-2	Lien
SCALANCE M874-2	Lien
SCALANCE M874-2	Lien
SCALANCE M874-3	Lien
SCALANCE M874-3	Lien
SCALANCE M874-3	Lien
SCALANCE M874-3	Lien
SCALANCE M874-3	Lien
SCALANCE M875	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3	Lien
SCALANCE M876-3	Lien
SCALANCE M876-3	Lien
SCALANCE M876-3	Lien
SCALANCE M876-3	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE MUM856-1 (EU)	Lien
SCALANCE MUM856-1 (EU)	Lien
SCALANCE MUM856-1 (RoW)	Lien
SCALANCE MUM856-1 (RoW)	Lien
SCALANCE S602	Lien
SCALANCE S602	Lien
SCALANCE S602	Lien
SCALANCE S612	Lien
SCALANCE S612	Lien
SCALANCE S612	Lien
SCALANCE S615	Lien
SCALANCE S615	Lien
SCALANCE S615	Lien
SCALANCE S615	Lien
SCALANCE S615	Lien
SCALANCE S623	Lien
SCALANCE S623	Lien
SCALANCE S623	Lien
SCALANCE S627-2M	Lien
SCALANCE S627-2M	Lien
SCALANCE S627-2M	Lien
SCALANCE SC622-2C	Lien
SCALANCE SC622-2C	Lien
SCALANCE SC622-2C	Lien
SCALANCE SC622-2C	Lien
SCALANCE SC632-2C	Lien
SCALANCE SC632-2C	Lien
SCALANCE SC632-2C	Lien
SCALANCE SC632-2C	Lien
SCALANCE SC636-2C	Lien
SCALANCE SC636-2C	Lien
SCALANCE SC636-2C	Lien
SCALANCE SC636-2C	Lien
SCALANCE SC642-2C	Lien
SCALANCE SC642-2C	Lien
SCALANCE SC642-2C	Lien
SCALANCE SC642-2C	Lien
SCALANCE SC646-2C	Lien
SCALANCE SC646-2C	Lien
SCALANCE SC646-2C	Lien
SCALANCE SC646-2C	Lien
SCALANCE W-1700 IEEE 802.11ac family	Lien
SCALANCE W-1700 IEEE 802.11ac family	Lien
SCALANCE W-1700 IEEE 802.11ac family	Lien
SCALANCE W1748-1 M12	Lien
SCALANCE W1748-1 M12	Lien
SCALANCE W1750D	Lien
SCALANCE W1750D	Lien
SCALANCE W1788-1 M12	Lien
SCALANCE W1788-1 M12	Lien
SCALANCE W1788-2 EEC M12	Lien
SCALANCE W1788-2 EEC M12	Lien
SCALANCE W1788-2IA M12	Lien
SCALANCE W1788-2IA M12	Lien
SCALANCE W1788-2 M12	Lien
SCALANCE W1788-2 M12	Lien
SCALANCE W-700 IEEE 802.11n family	Lien
SCALANCE W-700 IEEE 802.11n family	Lien
SCALANCE W-700 IEEE 802.11n family	Lien
SCALANCE W-700 IEEE 802.11n family	Lien
SCALANCE W700	Lien
SCALANCE W721-1 RJ45	Lien
SCALANCE W721-1 RJ45	Lien
SCALANCE W722-1 RJ45	Lien
SCALANCE W722-1 RJ45	Lien
SCALANCE W734-1 RJ45	Lien
SCALANCE W734-1 RJ45	Lien
SCALANCE W734-1 RJ45 (USA)	Lien
SCALANCE W734-1 RJ45 (USA)	Lien
SCALANCE W738-1 M12	Lien
SCALANCE W738-1 M12	Lien
SCALANCE W748-1 M12	Lien
SCALANCE W748-1 M12	Lien
SCALANCE W748-1 RJ45	Lien
SCALANCE W748-1 RJ45	Lien
SCALANCE W761-1 RJ45	Lien
SCALANCE W761-1 RJ45	Lien
SCALANCE W774-1 M12 EEC	Lien
SCALANCE W774-1 M12 EEC	Lien
SCALANCE W774-1 RJ45	Lien
SCALANCE W774-1 RJ45	Lien
SCALANCE W774-1 RJ45 (USA)	Lien
SCALANCE W774-1 RJ45 (USA)	Lien
SCALANCE W778-1 M12 EEC	Lien
SCALANCE W778-1 M12 EEC	Lien
SCALANCE W778-1 M12 EEC (USA)	Lien
SCALANCE W778-1 M12 EEC (USA)	Lien
SCALANCE W778-1 M12	Lien
SCALANCE W778-1 M12	Lien
SCALANCE W786-1 RJ45	Lien
SCALANCE W786-1 RJ45	Lien
SCALANCE W786-2IA RJ45	Lien
SCALANCE W786-2IA RJ45	Lien
SCALANCE W786-2 RJ45	Lien
SCALANCE W786-2 RJ45	Lien
SCALANCE W786-2 SFP	Lien
SCALANCE W786-2 SFP	Lien
SCALANCE W788-1 M12	Lien
SCALANCE W788-1 M12	Lien
SCALANCE W788-1 RJ45	Lien
SCALANCE W788-1 RJ45	Lien
SCALANCE W788-2 M12 EEC	Lien
SCALANCE W788-2 M12 EEC	Lien
SCALANCE W788-2 M12	Lien
SCALANCE W788-2 M12	Lien
SCALANCE W788-2 RJ45	Lien
SCALANCE W788-2 RJ45	Lien
SCALANCE WAM763-1	Lien
SCALANCE WAM766-1 6GHz	Lien
SCALANCE WAM766-1 6GHz	Lien
SCALANCE WAM766-1 EEC 6GHz	Lien
SCALANCE WAM766-1 EEC 6GHz	Lien
SCALANCE WAM766-1 EEC	Lien
SCALANCE WAM766-1 EEC	Lien
SCALANCE WAM766-1	Lien
SCALANCE WAM766-1	Lien
SCALANCE WLC711	Lien
SCALANCE WLC712	Lien
SCALANCE WUM763-1	Lien
SCALANCE WUM766-1 6GHz	Lien
SCALANCE WUM766-1 6GHz	Lien
SCALANCE WUM766-1	Lien
SCALANCE WUM766-1	Lien
SCALANCE X200-4 P IRT	Lien
SCALANCE X200-4 P IRT	Lien
SCALANCE X-200IRT (incl. SIPLUS NET variants)	Lien
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X201-3P IRT PRO	Lien
SCALANCE X201-3P IRT PRO	Lien
SCALANCE X201-3P IRT	Lien
SCALANCE X201-3P IRT	Lien
SCALANCE X202-2 IRT	Lien
SCALANCE X202-2 IRT	Lien
SCALANCE X202-2P IRT (incl. SIPLUS NET variant)	Lien
SCALANCE X202-2P IRT (incl. SIPLUS NET variant)	Lien
SCALANCE X202-2P IRT PRO	Lien
SCALANCE X202-2P IRT PRO	Lien
SCALANCE X204-2FM	Lien
SCALANCE X204-2FM	Lien
SCALANCE X204-2 (incl. SIPLUS NET variant)	Lien
SCALANCE X204-2LD (incl. SIPLUS NET variant)	Lien
SCALANCE X204-2LD	Lien
SCALANCE X204-2LD TS	Lien
SCALANCE X204-2LD TS	Lien
SCALANCE X204-2	Lien
SCALANCE X204-2TS	Lien
SCALANCE X204-2TS	Lien
SCALANCE X204 IRT PRO	Lien
SCALANCE X204 IRT PRO	Lien
SCALANCE X204 IRT	Lien
SCALANCE X204 IRT	Lien
SCALANCE X204RNA EEC (HSR)	Lien
SCALANCE X204RNA EEC (HSR)	Lien
SCALANCE X204RNA EEC (PRP/HSR)	Lien
SCALANCE X204RNA EEC (PRP/HSR)	Lien
SCALANCE X204RNA EEC (PRP)	Lien
SCALANCE X204RNA EEC (PRP)	Lien
SCALANCE X204RNA (HSR)	Lien
SCALANCE X204RNA (HSR)	Lien
SCALANCE X204RNA (PRP)	Lien
SCALANCE X204RNA (PRP)	Lien
SCALANCE X206-1LD (incl. SIPLUS NET variant)	Lien
SCALANCE X206-1LD	Lien
SCALANCE X206-1	Lien
SCALANCE X206-1	Lien
SCALANCE X208 (incl. SIPLUS NET variant)	Lien
SCALANCE X208PRO	Lien
SCALANCE X208PRO	Lien
SCALANCE X208	Lien
SCALANCE X212-2LD	Lien
SCALANCE X212-2LD	Lien
SCALANCE X212-2	Lien
SCALANCE X212-2	Lien
SCALANCE X216	Lien
SCALANCE X216	Lien
SCALANCE X224	Lien
SCALANCE X224	Lien
SCALANCE X-300 (incl. X408 and SIPLUS NET variants)	Lien
SCALANCE X-300 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)	Lien
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)	Lien
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)	Lien
SCALANCE X302-7 EEC (230V coated)	Lien
SCALANCE X302-7 EEC (230V)	Lien
SCALANCE X302-7 EEC (24V coated)	Lien
SCALANCE X302-7 EEC (24V)	Lien
SCALANCE X302-7 EEC (2x 230V coated)	Lien
SCALANCE X302-7 EEC (2x 230V)	Lien
SCALANCE X302-7 EEC (2x 24V coated)	Lien
SCALANCE X302-7 EEC (2x 24V)	Lien
SCALANCE X302-7EEC	Lien
SCALANCE X304-2FE	Lien
SCALANCE X304-2FE	Lien
SCALANCE X306-1LD FE	Lien
SCALANCE X306-1LDFE	Lien
SCALANCE X307-2 EEC (230V coated)	Lien
SCALANCE X307-2 EEC (230V)	Lien
SCALANCE X307-2 EEC (24V coated)	Lien
SCALANCE X307-2 EEC (24V)	Lien
SCALANCE X307-2 EEC (2x 230V coated)	Lien
SCALANCE X307-2 EEC (2x 230V)	Lien
SCALANCE X307-2 EEC (2x 24V coated)	Lien
SCALANCE X307-2 EEC (2x 24V)	Lien
SCALANCE X307-2EEC	Lien
SCALANCE X307-3LD	Lien
SCALANCE X307-3LD	Lien
SCALANCE X307-3	Lien
SCALANCE X307-3	Lien
SCALANCE X308-2 (incl. SIPLUS NET variant)	Lien
SCALANCE X308-2LD	Lien
SCALANCE X308-2LD	Lien
SCALANCE X308-2LH+	Lien
SCALANCE X308-2LH	Lien
SCALANCE X308-2LH+	Lien
SCALANCE X308-2LH	Lien
SCALANCE X308-2M PoE	Lien
SCALANCE X308-2M PoE	Lien
SCALANCE X308-2M	Lien
SCALANCE X308-2M	Lien
SCALANCE X308-2M TS	Lien
SCALANCE X308-2M TS	Lien
SCALANCE X308-2	Lien
SCALANCE X310FE	Lien
SCALANCE X310FE	Lien
SCALANCE X310	Lien
SCALANCE X310	Lien
SCALANCE X320-1-2LD FE	Lien
SCALANCE X320-1 FE	Lien
SCALANCE X320-1FE	Lien
SCALANCE X320-3LDFE	Lien
SCALANCE X408-2	Lien
SCALANCE X408	Lien
SCALANCE X414	Lien
SCALANCE XB-200	Lien
SCALANCE XB-200	Lien
SCALANCE XB-200	Lien
SCALANCE XC-200	Lien
SCALANCE XC-200	Lien
SCALANCE XC-200	Lien
SCALANCE XF-200BA	Lien
SCALANCE XF-200BA	Lien
SCALANCE XF-200BA	Lien
SCALANCE XF201-3P IRT	Lien
SCALANCE XF201-3P IRT	Lien
SCALANCE XF202-2P IRT	Lien
SCALANCE XF202-2P IRT	Lien
SCALANCE XF204-2BA IRT	Lien
SCALANCE XF204-2BA IRT	Lien
SCALANCE XF204-2 (incl. SIPLUS NET variant)	Lien
SCALANCE XF204-2	Lien
SCALANCE XF204 IRT	Lien
SCALANCE XF204 IRT	Lien
SCALANCE XF204	Lien
SCALANCE XF204	Lien
SCALANCE XF206-1	Lien
SCALANCE XF206-1	Lien
SCALANCE XF208	Lien
SCALANCE XF208	Lien
SCALANCE XM-400 Family	Lien
SCALANCE XM400	Lien
SCALANCE XM-400	Lien
SCALANCE XM-400	Lien
SCALANCE XP-200	Lien
SCALANCE XP-200	Lien
SCALANCE XP-200	Lien
SCALANCE XR-300WG	Lien
SCALANCE XR-300WG	Lien
SCALANCE XR-300WG	Lien
SCALANCE XR324-12M (230V ports on front)	Lien
SCALANCE XR324-12M (230V ports on rear)	Lien
SCALANCE XR324-12M (24V ports on front)	Lien
SCALANCE XR324-12M (24V ports on rear)	Lien
SCALANCE XR324-12M	Lien
SCALANCE XR324-12M TS (24V)	Lien
SCALANCE XR324-12M TS	Lien
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on front)	Lien
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on rear)	Lien
SCALANCE XR324-4M EEC (24V ports on front)	Lien
SCALANCE XR324-4M EEC (24V ports on rear)	Lien
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on front)	Lien
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on rear)	Lien
SCALANCE XR324-4M EEC	Lien
SCALANCE XR324-4M PoE	Lien
SCALANCE XR324-4M PoE TS	Lien
SCALANCE XR-500 Family	Lien
SCALANCE XR-500 Family	Lien
SCALANCE XR500	Lien
SCALANCE XR-500	Lien
SENTRON 3VA COM100/800	Lien
SENTRON 3VA DSP800	Lien
SENTRON PAC2200 (with CLP Approval)	Lien
SENTRON PAC2200 (with MID Approval)	Lien
SENTRON PAC2200 (without MID Approval)	Lien
SENTRON PAC3200	Lien
SENTRON PAC3200T	Lien
SENTRON PAC3220	Lien
SENTRON PAC4200	Lien
SENTRON powermanager V4	Lien
SICAM 230	Lien
SICAM TOOLBOX II	Lien
SIDOOR ATD430W	Lien
SIDOOR ATE530S COATED	Lien
SIDOOR ATE531S	Lien
SIGUARD DSA	Lien
SIMATIC CFU PA	Lien
SIMATIC CFU PA	Lien
SIMATIC Cloud Connect 7 CC712	Lien
SIMATIC Cloud Connect 7 CC716	Lien
SIMATIC CM 1542-1	Lien
SIMATIC CM 1542-1	Lien
SIMATIC CM 1542-1	Lien
SIMATIC CM 1542SP-1	Lien
SIMATIC Compact Field Unit	Lien
SIMATIC CP 1242-7C	Lien
SIMATIC CP 1242-7 GPRS V2	Lien
SIMATIC CP 1242-7 GPRS V2	Lien
SIMATIC CP 1242-7 GPRS V2	Lien
SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1 IRC (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1	Lien
SIMATIC CP 1243-1	Lien
SIMATIC CP 1243-1	Lien
SIMATIC CP 1243-7 LTE EU	Lien
SIMATIC CP 1243-7 LTE EU	Lien
SIMATIC CP 1243-7 LTE EU	Lien
SIMATIC CP 1243-7 LTE EU	Lien
SIMATIC CP 1243-7 LTE US	Lien
SIMATIC CP 1243-7 LTE US	Lien
SIMATIC CP 1243-7 LTE US	Lien
SIMATIC CP 1243-7 LTE US	Lien
SIMATIC CP 1243-8 IRC	Lien
SIMATIC CP 1243-8 IRC	Lien
SIMATIC CP 1243-8 IRC	Lien
SIMATIC CP 1243-8 IRC	Lien
SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)	Lien
SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)	Lien
SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)	Lien
SIMATIC CP 1542SP-1 IRC	Lien
SIMATIC CP 1542SP-1	Lien
SIMATIC CP 1542SP-1	Lien
SIMATIC CP 1542SP-1	Lien
SIMATIC CP 1543-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1543-1	Lien
SIMATIC CP 1543-1	Lien
SIMATIC CP 1543-1	Lien
SIMATIC CP 1543-1	Lien
SIMATIC CP 1543SP-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1543SP-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1543SP-1	Lien
SIMATIC CP 1543SP-1	Lien
SIMATIC CP 1545-1	Lien
SIMATIC CP 1545-1	Lien
SIMATIC CP 1545-1	Lien
SIMATIC CP 1604	Lien
SIMATIC CP 1604	Lien
SIMATIC CP 1616 and CP 1604	Lien
SIMATIC CP1616/CP1604	Lien
SIMATIC CP 1616	Lien
SIMATIC CP 1616	Lien
SIMATIC CP 1623	Lien
SIMATIC CP 1623	Lien
SIMATIC CP1626	Lien
SIMATIC CP 1626	Lien
SIMATIC CP 1628	Lien
SIMATIC CP 1628	Lien
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 343-1 Advanced	Lien
SIMATIC CP 343-1 Advanced	Lien
SIMATIC CP 343-1 Advanced	Lien
SIMATIC CP 343-1 ERPC	Lien
SIMATIC CP 343-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 343-1 Lean (incl. SIPLUS variants)	Lien
SIMATIC CP 343-1 Lean	Lien
SIMATIC CP 343-1	Lien
SIMATIC CP 442-1 RNA	Lien
SIMATIC CP 442-1 RNA	Lien
SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 Advanced	Lien
SIMATIC CP 443-1 Advanced	Lien
SIMATIC CP 443-1 Advanced	Lien
SIMATIC CP 443-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 RNA	Lien
SIMATIC CP 443-1 RNA	Lien
SIMATIC CP 443-1	Lien
SIMATIC CP 443-1	Lien
SIMATIC CP 443-1	Lien
SIMATIC DK-16xx PN IO	Lien
SIMATIC Drive Controller family	Lien
SIMATIC Drive Controller family	Lien
SIMATIC ET200AL IM 157-1 PN	Lien
SIMATIC ET200AL	Lien
SIMATIC ET200AL	Lien
SIMATIC ET200AL	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)	Lien
SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)	Lien
SIMATIC ET200M (incl. SIPLUS variants)	Lien
SIMATIC ET200M (incl. SIPLUS variants)	Lien
SIMATIC ET200M (incl. SIPLUS variants)	Lien
SIMATIC ET200M (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200pro IM 154-3 PN HF	Lien
SIMATIC ET200pro IM 154-4 PN HF	Lien
SIMATIC ET200pro	Lien
SIMATIC ET200pro	Lien
SIMATIC ET200pro	Lien
SIMATIC ET200pro	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 MF HF	Lien
SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200SP (incl. SIPLUS variants except IM155-6 PN ST and IM155-6 PN HF)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)	Lien
SIMATIC Field PG M5	Lien
SIMATIC Field PG M6	Lien
SIMATIC HMI Comfort Outdoor Panels 7\ & 15\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Outdoor Panels 7\ & 15\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Outdoor Panels 7\ & 15\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Outdoor Panels 7\ & 15\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels 4\ - 22\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels 4\ - 22\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels 4\ - 22\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels 4\ - 22\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels HMI Multi Panels HMI Mobile Panels (incl. SIPLUS variants)	Lien
SIMATIC HMI KTP Mobile Panels KTP400F KTP700 KTP700F KTP900 and KTP900F	Lien
SIMATIC HMI KTP Mobile Panels KTP400F KTP700 KTP700F KTP900 and KTP900F	Lien
SIMATIC HMI KTP Mobile Panels	Lien
SIMATIC HMI KTP Mobile Panels	Lien
SIMATIC IE/PB-LINK V3	Lien
SIMATIC Information Server	Lien
SIMATIC IPC1047E	Lien
SIMATIC IPC1047	Lien
SIMATIC IPC127E	Lien
SIMATIC IPC427E	Lien
SIMATIC IPC477E Pro	Lien
SIMATIC IPC477E	Lien
SIMATIC IPC527G	Lien
SIMATIC IPC547G	Lien
SIMATIC IPC627E	Lien
SIMATIC IPC647D	Lien
SIMATIC IPC647E	Lien
SIMATIC IPC647E	Lien
SIMATIC IPC677E	Lien
SIMATIC IPC847D	Lien
SIMATIC IPC847E	Lien
SIMATIC IPC847E	Lien
SIMATIC IPC DiagMonitor	Lien
SIMATIC IPC DiagMonitor	Lien
SIMATIC IPC Support Package for VxWorks	Lien
SIMATIC ITC1500 PRO	Lien
SIMATIC ITC1500	Lien
SIMATIC ITC1900 PRO	Lien
SIMATIC ITC1900	Lien
SIMATIC ITC2200 PRO	Lien
SIMATIC ITC2200	Lien
SIMATIC ITP1000	Lien
SIMATIC Logon	Lien
SIMATIC MICRO-DRIVE PDC	Lien
SIMATIC MV400 family	Lien
SIMATIC MV400	Lien
SIMATIC MV540 H (6GF3540-0GE10)	Lien
SIMATIC MV540 H	Lien
SIMATIC MV540 H	Lien
SIMATIC MV540 S (6GF3540-0CD10)	Lien
SIMATIC MV540 S	Lien
SIMATIC MV540 S	Lien
SIMATIC MV550 H (6GF3550-0GE10)	Lien
SIMATIC MV550 H	Lien
SIMATIC MV550 H	Lien
SIMATIC MV550 S (6GF3550-0CD10)	Lien
SIMATIC MV550 S	Lien
SIMATIC MV550 S	Lien
SIMATIC MV560 U (6GF3560-0LE10)	Lien
SIMATIC MV560 U	Lien
SIMATIC MV560 U	Lien
SIMATIC MV560 X (6GF3560-0HE10)	Lien
SIMATIC MV560 X	Lien
SIMATIC MV560 X	Lien
SIMATIC NET CP 1604	Lien
SIMATIC NET CP 1616	Lien
SIMATIC NET DK-16xx PN IO	Lien
SIMATIC NET PC Software	Lien
SIMATIC PCS 7 TeleControl	Lien
SIMATIC PCS 7 V8.2 and earlier	Lien
SIMATIC PCS 7 V8.2 and earlier	Lien
SIMATIC PCS 7 V9.0	Lien
SIMATIC PCS 7 V9.0	Lien
SIMATIC PCS 7 V9.1	Lien
SIMATIC PCS 7 V9.1	Lien
SIMATIC PCS neo	Lien
SIMATIC PCS neo	Lien
SIMATIC PCS neo	Lien
SIMATIC PDM	Lien
SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)	Lien
SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)	Lien
SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)	Lien
SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)	Lien
SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)	Lien
SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)	Lien
SIMATIC Power Line Booster PLB Base Module	Lien
SIMATIC Process Historian (incl. Process Historian OPC UA Server)	Lien
SIMATIC Process Historian OPC UA Server	Lien
SIMATIC Process Historian OPC UA Server	Lien
SIMATIC PROFINET Driver	Lien
SIMATIC PROFINET Driver	Lien
SIMATIC RF166C	Lien
SIMATIC RF180C	Lien
SIMATIC RF180C	Lien
SIMATIC RF182C	Lien
SIMATIC RF182C	Lien
SIMATIC RF182C	Lien
SIMATIC RF185C	Lien
SIMATIC RF185C	Lien
SIMATIC RF185C	Lien
SIMATIC RF186CI	Lien
SIMATIC RF186CI	Lien
SIMATIC RF186C	Lien
SIMATIC RF186C	Lien
SIMATIC RF186C	Lien
SIMATIC RF188CI	Lien
SIMATIC RF188CI	Lien
SIMATIC RF188C	Lien
SIMATIC RF188C	Lien
SIMATIC RF188C	Lien
SIMATIC RF188C	Lien
SIMATIC RF360R	Lien
SIMATIC RF600 family	Lien
SIMATIC RF600R	Lien
SIMATIC RF600R	Lien
SIMATIC RF600	Lien
SIMATIC RF650R	Lien
SIMATIC RF680R	Lien
SIMATIC RF685R	Lien
SIMATIC RTU3010C	Lien
SIMATIC RTU3030C	Lien
SIMATIC RTU3031C	Lien
SIMATIC RTU3041C	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)	Lien
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)	Lien
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)	Lien
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP	Lien
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 Software Controller (incl. F)	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-200 SMART	Lien
SIMATIC S7-200 SMART	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)	Lien
SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)	Lien
SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-410 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-410 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-PLCSIM Advanced	Lien
SIMATIC S7-PLCSIM Advanced	Lien
SIMATIC TDC CP51M1	Lien
SIMATIC TDC CP51M1	Lien
SIMATIC TDC CP51M1	Lien
SIMATIC TDC CP51M1	Lien
SIMATIC TDC CPU555	Lien
SIMATIC TDC CPU555	Lien
SIMATIC TDC CPU555	Lien
SIMATIC TDC CPU555	Lien
SIMATIC Teleservice Adapter IE Advanced	Lien
SIMATIC Teleservice Adapter IE Advanced	Lien
SIMATIC Teleservice Adapter IE Advanced	Lien
SIMATIC Teleservice Adapter IE Basic	Lien
SIMATIC Teleservice Adapter IE Basic	Lien
SIMATIC Teleservice Adapter IE Basic	Lien
SIMATIC Teleservice Adapter IE Standard	Lien
SIMATIC Teleservice Adapter IE Standard	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinCC OA	Lien
SIMATIC WinCC OA V3.17	Lien
SIMATIC WinCC OA V3.18	Lien
SIMATIC WinCC Runtime Advanced	Lien
SIMATIC WinCC Runtime Advanced	Lien
SIMATIC WinCC Runtime Advanced	Lien
SIMATIC WinCC TeleControl	Lien
SIMATIC WinCC V15 and earlier	Lien
SIMATIC WinCC V15 and earlier	Lien
SIMATIC WinCC V16	Lien
SIMATIC WinCC V16	Lien
SIMATIC WinCC V17	Lien
SIMATIC WinCC V17	Lien
SIMATIC WinCC V7.4 and earlier	Lien
SIMATIC WinCC V7.4 and earlier	Lien
SIMATIC WinCC V7.5	Lien
SIMATIC WinCC V7.5	Lien
Simcenter 3D	Lien
Simcenter Amesim	Lien
Simcenter Femap V2020.2	Lien
Simcenter Femap V2021.1	Lien
Simcenter System Architect	Lien
Simcenter System Simulation Client for Git	Lien
Simcenter Testlab Data Management	Lien
Simcenter Testlab	Lien
SIMIT Simulation Platform	Lien
SIMOCODE pro V EIP (incl. SIPLUS variants)	Lien
SIMOCODE proV Ethernet/IP	Lien
SIMOCODE pro V PN (incl. SIPLUS variants)	Lien
SIMOCODE pro V PN (incl. SIPLUS variants)	Lien
SIMOCODE pro V PN (incl. SIPLUS variants)	Lien
SIMOCODE proV PROFINET	Lien
SIMOTION C	Lien
SIMOTION C	Lien
SIMOTION D (incl. SIPLUS variants)	Lien
SIMOTION D (incl. SIPLUS variants)	Lien
SIMOTION (incl. SIPLUS variants)	Lien
SIMOTION (incl. SIPLUS variants)	Lien
SIMOTION P	Lien
SIMOTION P V4.4 and V4.5	Lien
SIMOTION P V5	Lien
SINAMICS Connect 300	Lien
SINAMICS DCM	Lien
SINAMICS DCM	Lien
SINAMICS DCM w. PN	Lien
SINAMICS DCM w. PN	Lien
SINAMICS DCP	Lien
SINAMICS DCP	Lien
SINAMICS DCP	Lien
SINAMICS DCP w. PN	Lien
SINAMICS DCP w. PN	Lien
SINAMICS G110M V4.7 Control Unit	Lien
SINAMICS G110M V4.7 PN Control Unit	Lien
SINAMICS G110M w. PN	Lien
SINAMICS G110M w. PN	Lien
SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)	Lien
SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)	Lien
SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)	Lien
SINAMICS G130 V4.6 Control Unit	Lien
SINAMICS G130 V4.7 Control Unit	Lien
SINAMICS G130 V4.7 Control Unit	Lien
SINAMICS G130 V4.7 Control Unit	Lien
SINAMICS G130 V4.7 SP1 Control Unit	Lien
SINAMICS G130 V4.7 w. PN	Lien
SINAMICS G130 V4.7 w. PN	Lien
SINAMICS G130 V4.8 Control Unit	Lien
SINAMICS G130 V4.8 w. PN	Lien
SINAMICS G130 V4.8 w. PN	Lien
SINAMICS G130 V5.1 Control Unit	Lien
SINAMICS G130 V5.1 SP1 Control Unit	Lien
SINAMICS G150 Control Unit	Lien
SINAMICS G150 Control Unit	Lien
SINAMICS G150 V4.6 Control Unit	Lien
SINAMICS G150 V4.7 Control Unit	Lien
SINAMICS G150 V4.7 SP1 Control Unit	Lien
SINAMICS G150 V4.7 w. PN	Lien
SINAMICS G150 V4.7 w. PN	Lien
SINAMICS G150 V4.8 Control Unit	Lien
SINAMICS G150 V4.8 w. PN	Lien
SINAMICS G150 V4.8 w. PN	Lien
SINAMICS G150 V5.1 Control Unit	Lien
SINAMICS G150 V5.1 SP1 Control Unit	Lien
SINAMICS GH150 V4.7 Control Unit	Lien
SINAMICS GH150 V4.7 Control Unit	Lien
SINAMICS GL150 V4.7 Control Unit	Lien
SINAMICS GL150 V4.7 Control Unit	Lien
SINAMICS GM150 V4.7 Control Unit	Lien
SINAMICS GM150 V4.7 Control Unit	Lien
SINAMICS S110 Control Unit	Lien
SINAMICS S110 Control Unit	Lien
SINAMICS S110 w. PN	Lien
SINAMICS S110 w. PN	Lien
SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S150 Control Unit	Lien
SINAMICS S150 Control Unit	Lien
SINAMICS S150 V4.6 Control Unit	Lien
SINAMICS S150 V4.7 Control Unit	Lien
SINAMICS S150 V4.7 SP1 Control Unit	Lien
SINAMICS S150 V4.7 w. PN	Lien
SINAMICS S150 V4.7 w. PN	Lien
SINAMICS S150 V4.8 Control Unit	Lien
SINAMICS S150 V4.8 w. PN	Lien
SINAMICS S150 V4.8 w. PN	Lien
SINAMICS S150 V5.1 Control Unit	Lien
SINAMICS S150 V5.1 SP1 Control Unit	Lien
SINAMICS S210 V5.1 Control Unit	Lien
SINAMICS S210 V5.1 SP1 Control Unit	Lien
SINAMICS S/G Control Unit w. PROFINET	Lien
SINAMICS SL150 V4.7 Control Unit	Lien
SINAMICS SL150 V4.7 Control Unit	Lien
SINAMICS SM120 V4.7 Control Unit	Lien
SINAMICS SM120 V4.7 Control Unit	Lien
SINAMICS V90 w. PN	Lien
SINAMICS V90 w. PN	Lien
SINEC INS	Lien
SINEC NMS	Lien
SINEC-NMS	Lien
SINEC NMS	Lien
SINEMA Remote Connect Server	Lien
SINEMA Remote Connect Server	Lien
SINEMA Remote Connect Server	Lien
SINEMA Remote Connect Server	Lien
SINEMA Remote Connect Server	Lien
SINEMA Server	Lien
SINEMA Server	Lien
SINEMA Server V14	Lien
SINUMERIK 808D	Lien
SINUMERIK 828D HW PU.4	Lien
SINUMERIK 828D	Lien
SINUMERIK 828D	Lien
SINUMERIK 828D	Lien
SINUMERIK 828D V4.5 and prior	Lien
SINUMERIK 828D V4.7	Lien
SINUMERIK 840D sl	Lien
SINUMERIK 840D sl	Lien
SINUMERIK 840D sl	Lien
SINUMERIK 840D sl	Lien
SINUMERIK 840D sl V4.5 and prior	Lien
SINUMERIK 840D sl V4.7	Lien
SINUMERIK MC MCU 1720	Lien
SINUMERIK ONE NCU 1740	Lien
SINUMERIK ONE PPU 1740	Lien
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10	Lien
SINUMERIK OPC UA Server	Lien
SINUMERIK OPC UA Server	Lien
SINUMERIK Operate	Lien
SiPass integrated V2.80	Lien
SiPass integrated V2.85	Lien
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL	Lien
SIPLUS ET 200SP CP 1543SP-1 ISEC	Lien
SIPLUS ET 200SP CP 1543SP-1 ISEC	Lien
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL	Lien
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL	Lien
SIPLUS NET CP 1543-1	Lien
SIPLUS NET CP 1543-1	Lien
SIPLUS NET CP 1543-1	Lien
SIPLUS NET CP 1543-1	Lien
SIPLUS NET CP 343-1 Advanced	Lien
SIPLUS NET CP 343-1 Advanced	Lien
SIPLUS NET CP 343-1 Advanced	Lien
SIPLUS NET CP 343-1 Lean	Lien
SIPLUS NET CP 343-1	Lien
SIPLUS NET CP 443-1 Advanced	Lien
SIPLUS NET CP 443-1 Advanced	Lien
SIPLUS NET CP 443-1 Advanced	Lien
SIPLUS NET CP 443-1	Lien
SIPLUS NET CP 443-1	Lien
SIPLUS NET CP 443-1	Lien
SIPLUS S7-1200 CP 1243-1 RAIL	Lien
SIPLUS S7-1200 CP 1243-1 RAIL	Lien
SIPLUS S7-1200 CP 1243-1 RAIL	Lien
SIPLUS S7-1200 CP 1243-1	Lien
SIPLUS S7-1200 CP 1243-1	Lien
SIPLUS S7-1200 CP 1243-1	Lien
SIPLUS TIM 1531 IRC	Lien
SIPLUS TIM 1531 IRC	Lien
SIRIUS ACT 3SU1 interface module PROFINET	Lien
SIRIUS Motor Starter M200D PROFINET	Lien
SIRIUS Soft Starter 3RW44 PN	Lien
SIRIUS Soft Starter 3RW44 PN	Lien
SITOP Manager	Lien
SITOP PSU8600 PROFINET	Lien
SITOP PSU8600	Lien
SITOP UPS1600 (incl. SIPLUS variants)	Lien
SITOP UPS1600 PROFINET (incl. SIPLUS variants)	Lien
Siveillance Command	Lien
Siveillance Control Pro	Lien
Siveillance Identity V1.5	Lien
Siveillance Identity V1.6	Lien
Siveillance Vantage	Lien
SOFTNET-IE PNIO	Lien
SOFTNET-IE PNIO	Lien
Softnet PROFINET IO for PC-based Windows systems	Lien
Solid Edge CAM Pro	Lien
Solid Edge Harness Design	Lien
Solid Edge SE2021	Lien
Solid Edge SE2022	Lien
Spectrum Power 4	Lien
Spectrum Power 4	Lien
Spectrum Power 7	Lien
SPPA-T3000 SeS3000 Security Server (6DU7054-0..00-..A0)	Lien
Teamcenter Active Workspace	Lien
Teamcenter Briefcase Browser	Lien
Teamcenter Data Share Manager	Lien
Teamcenter Deployment Center	Lien
Teamcenter Dispatcher Service	Lien
Teamcenter EDA	Lien
Teamcenter FMS	Lien
Teamcenter Integration for CATIA	Lien
Teamcenter Integration Framework	Lien
Teamcenter MBSE Gateway	Lien
Teamcenter Mendix Connector	Lien
Teamcenter Microservices Framework	Lien
Teamcenter Polarion Integration	Lien
Teamcenter Rapid Start	Lien
Teamcenter Reporting and Analytics V11	Lien
Teamcenter Reporting and Analytics V12.2	Lien
Teamcenter Reporting and Analytics V12.3	Lien
Teamcenter Reporting and Analytics V12.4	Lien
Teamcenter Reporting and Analytics V13	Lien
Teamcenter Retail Footwear and Apparel	Lien
Teamcenter Security Services	Lien
Teamcenter Supplier Collaboration	Lien
Teamcenter System Modeling Workbench	Lien
Teamcenter	Lien
Teamcenter Technical Publishing	Lien
Teamcenter Visualization V12.4	Lien
Teamcenter Visualization V13.1	Lien
Teamcenter Visualization V13.2	Lien
Teamcenter Visualization V13.3	Lien
Tecnomatix eBOP Manager Server	Lien
Tecnomatix Intosite	Lien
Tecnomatix Plant Simulation	Lien
Tecnomatix Process Designer	Lien
Tecnomatix Process Simulate	Lien
Tecnomatix Process Simulate VCLite	Lien
Tecnomatix RobotExpert	Lien
TeleControl Server Basic	Lien
TIA Administrator	Lien
TIA Administrator	Lien
TIM 1531 IRC (incl. SIPLUS NET variants)	Lien
TIM 1531 IRC (incl. SIPLUS NET variants)	Lien
TIM 1531 IRC (incl. SIPLUS NET variants)	Lien
TIM 1531 IRC	Lien
TIM 1531 IRC	Lien
TIM 3V-IE Advanced (incl. SIPLUS NET variants)	Lien
TIM 3V-IE DNP3 (incl. SIPLUS NET variants)	Lien
TIM 3V-IE (incl. SIPLUS NET variants)	Lien
TIM 4R-IE DNP3 (incl. SIPLUS NET variants)	Lien
TIM 4R-IE (incl. SIPLUS NET variants)	Lien
Valor Parts Library - VPL Direct	Lien
Valor Parts Library - VPL Server or Service	Lien
VeSys	Lien
Xpedition Enterprise VX.2.10	Lien
Xpedition Enterprise VX.2.6	Lien
Xpedition Enterprise VX.2.7	Lien
Xpedition Enterprise VX.2.8	Lien
Xpedition Enterprise (XCR) VX.2.10	Lien
Xpedition IC Packaging VX.2.10	Lien
Xpedition IC Packaging VX.2.6	Lien
Xpedition IC Packaging VX.2.7	Lien
Xpedition IC Packaging VX.2.8	Lien
Xpedition IC Packaging (XCR) VX.2.10	Lien

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-541018 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-914168 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-309571 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-675303 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-244969 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-654775 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-316383 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-100232 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-480230 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-978220 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-840188 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-211752 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-772220 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-539476 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-599968 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-443566 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-995338 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-462066 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-102233 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-301589 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-669737 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-609880 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssb-439005 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-473245 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-831168 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-593272 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-838121 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-307392 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-780073 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-349422 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-346262 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-293562 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-913875 du 08 février 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003ctable\u003e \u003cthead\u003e \u003ctr\u003e \u003cth\u003eSyst\u00e8me affect\u00e9\u003c/th\u003e \u003cth\u003eLien vers l\u0027avis \u00e9diteur\u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd\u003eAdvantage Navigator Energy \u0026amp; Sustainability\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eAdvantage Navigator Software Proxy V6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eBuilding Operator Discovery Distribution for the Connect X200 Gateway\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eBuilding Operator Discovery Distribution for the Connect X300 Gateway\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eBuilding Twin - 360\u00b0 Viewer\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCapital\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCerberus DMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCloudConnect 712\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCOMOS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCOMOS V10.2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-995338.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCOMOS V10.3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-995338.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCOMOS V10.4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-995338.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ecRSP Operator Client Starter\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ecRSP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDesigo CC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eE-Car OC Cloud Application\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnergy Engage\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnergyIP Prepay V3.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnergyIP Prepay V3.8\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnergyIP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnlighted Amaze\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnlighted Where\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eGeolus Shape Search V10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eGeolus Shape Search V11\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eGMA-Manager\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eHEEDS Connect\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eHES UDIS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIE/AS-i Link PN IO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIE/PB-Link (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIE/PB LINK PN IO (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIndustrial Edge Hub\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIndustrial Edge Management App (IEM-App)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIndustrial Edge Management OS (IEM-OS)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ejROS for Spectrum Power 4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ejROS for Spectrum Power 7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eJT2Go\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eKTK ATE530S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eLOGO! CMR2020\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eLOGO! CMR2040\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMendix Applications\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere App Management Cockpits (Developer\u0026amp; Operator)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Asset Manager\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindsphere Cloud Foundry\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindsphere Cloud Platform\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere IAM (User Management/ Settings)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Integrated Data Lake\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Notification Service\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Predictive Learning\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Usage Transparency Service\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Visual Explorer\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eNXpower Monitor\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eNX\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eOpcenter EX CP Process Automation Control\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eOpcenter Execution Core Process Automation Control\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eOpcenter Intelligence\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eOperation Scheduler\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ePROFINET Driver for Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ePSS(R)CAPE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRFID 181EIP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eROX II\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM APE1404 Linux\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM CROSSBOW Station Access Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RCM1224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224 LTE(4G) EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224 LTE(4G) EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224 LTE(4G) NAM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224 LTE(4G) NAM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX MX5000RE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX MX5000\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1500\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1501\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1510\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1511\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1512\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1524\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1536\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX5000\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RX1400 VPE Debian Linux\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RX1400 VPE Linux CloudConnect\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE LPE9403\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M-800 / S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M-800\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M875\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE MUM856-1 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE MUM856-1 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE MUM856-1 (RoW)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE MUM856-1 (RoW)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S602\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S602\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S602\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S612\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S612\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S612\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S627-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S627-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S627-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC622-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC622-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC622-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC622-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC632-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC632-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC632-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC632-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC636-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC636-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC636-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC636-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC642-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC642-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC642-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC642-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC646-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC646-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC646-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC646-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-1700 IEEE 802.11ac family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-1700 IEEE 802.11ac family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-1700 IEEE 802.11ac family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1748-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1748-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1750D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1750D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2 EEC M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2 EEC M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2IA M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2IA M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-700 IEEE 802.11n family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-700 IEEE 802.11n family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-700 IEEE 802.11n family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-700 IEEE 802.11n family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W700\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W721-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W721-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W722-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W722-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W734-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W734-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W734-1 RJ45 (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W734-1 RJ45 (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W738-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W738-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W748-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W748-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W748-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W748-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W761-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W761-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 RJ45 (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 RJ45 (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12 EEC (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12 EEC (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2IA RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2IA RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2 SFP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2 SFP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM763-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 EEC 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 EEC 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WLC711\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WLC712\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM763-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM766-1 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM766-1 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM766-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM766-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X200-4 P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X200-4 P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X201-3P IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X201-3P IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X201-3P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X201-3P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2P IRT (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2P IRT (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2P IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2P IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2FM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2FM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2LD (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2LD TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2LD TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204 IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204 IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (PRP/HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (PRP/HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (PRP)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (PRP)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA (HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA (HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA (PRP)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA (PRP)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X206-1LD (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X206-1LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X206-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X206-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X208 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X208PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X208PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X208\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X212-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X212-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X212-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X212-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X216\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X216\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 (incl. X408 and SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (230V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (230V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (24V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (2x 230V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (2x 230V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (2x 24V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (2x 24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X304-2FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X304-2FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X306-1LD FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X306-1LDFE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (230V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (230V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (24V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (2x 230V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (2x 230V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (2x 24V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (2x 24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-3LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-3LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LH+\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LH\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LH+\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LH\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M PoE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M PoE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X310FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X310FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X310\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X310\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X320-1-2LD FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X320-1 FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X320-1FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X320-3LDFE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X408-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X408\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X414\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XB-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XB-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XB-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XC-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XC-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XC-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF-200BA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF-200BA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF-200BA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF201-3P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF201-3P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF202-2P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF202-2P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204-2BA IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204-2BA IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204-2 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF206-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF206-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF208\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF208\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XM-400 Family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XM400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XM-400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XM-400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XP-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XP-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XP-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-300WG\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-300WG\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-300WG\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M (230V ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M (230V ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M (24V ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M (24V ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M TS (24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (24V ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (24V ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M PoE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M PoE TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-500 Family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-500 Family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR500\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-500\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON 3VA COM100/800\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON 3VA DSP800\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC2200 (with CLP Approval)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC2200 (with MID Approval)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC2200 (without MID Approval)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC3200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC3200T\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC3220\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC4200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON powermanager V4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSICAM 230\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSICAM TOOLBOX II\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-669737.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIDOOR ATD430W\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIDOOR ATE530S COATED\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIDOOR ATE531S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIGUARD DSA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CFU PA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CFU PA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Cloud Connect 7 CC712\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Cloud Connect 7 CC716\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CM 1542-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CM 1542-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CM 1542-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CM 1542SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Compact Field Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1242-7C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1242-7 GPRS V2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1242-7 GPRS V2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1242-7 GPRS V2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 IEC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 IRC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE US\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE US\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE US\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE US\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-8 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-8 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-8 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-8 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543SP-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543SP-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1545-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1545-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1545-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1616 and CP 1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP1616/CP1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1616\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1616\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP1626\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1626\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1628\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1628\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 ERPC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Lean (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Lean\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 442-1 RNA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 442-1 RNA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-211752.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 RNA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 RNA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC DK-16xx PN IO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Drive Controller family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Drive Controller family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200AL IM 157-1 PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200AL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200AL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200AL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro IM 154-3 PN HF\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro IM 154-4 PN HF\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 MF HF\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP (incl. SIPLUS variants except IM155-6 PN ST and IM155-6 PN HF)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Field PG M5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Field PG M6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Outdoor Panels 7\\ \u0026amp; 15\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Outdoor Panels 7\\ \u0026amp; 15\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Outdoor Panels 7\\ \u0026amp; 15\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Outdoor Panels 7\\ \u0026amp; 15\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels 4\\ - 22\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels 4\\ - 22\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels 4\\ - 22\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels 4\\ - 22\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels HMI Multi Panels HMI Mobile Panels (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI KTP Mobile Panels KTP400F KTP700 KTP700F KTP900 and KTP900F\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI KTP Mobile Panels KTP400F KTP700 KTP700F KTP900 and KTP900F\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI KTP Mobile Panels\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI KTP Mobile Panels\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IE/PB-LINK V3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Information Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC1047E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC1047\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC127E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC427E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC477E Pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC477E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC527G\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC547G\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC627E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC647D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC647E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC647E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC677E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC847D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC847E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC847E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC DiagMonitor\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC DiagMonitor\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC Support Package for VxWorks\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC1500 PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC1500\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC1900 PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC1900\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC2200 PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC2200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITP1000\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Logon\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MICRO-DRIVE PDC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV400 family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 H (6GF3540-0GE10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 H\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 H\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 S (6GF3540-0CD10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 H (6GF3550-0GE10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 H\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 H\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 S (6GF3550-0CD10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 U (6GF3560-0LE10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 U\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 U\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 X (6GF3560-0HE10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 X\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 X\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC NET CP 1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC NET CP 1616\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC NET DK-16xx PN IO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC NET PC Software\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 TeleControl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V8.2 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V8.2 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V9.0\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V9.0\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V9.1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V9.1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS neo\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS neo\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS neo\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PDM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Power Line Booster PLB Base Module\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Process Historian (incl. Process Historian OPC UA Server)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Process Historian OPC UA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Process Historian OPC UA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PROFINET Driver\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PROFINET Driver\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF166C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF180C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF180C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF182C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF182C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF182C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF185C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF185C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF185C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186CI\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186CI\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188CI\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188CI\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF360R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF600 family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF600R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF600R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF600\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF650R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF680R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF685R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RTU3010C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RTU3030C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RTU3031C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RTU3041C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller (incl. F)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-200 SMART\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-200 SMART\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-410 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-410 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-PLCSIM Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-PLCSIM Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CP51M1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CP51M1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CP51M1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CP51M1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CPU555\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CPU555\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CPU555\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CPU555\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Basic\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Basic\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Basic\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Standard\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Standard\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC OA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC OA V3.17\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC OA V3.18\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC Runtime Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC Runtime Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC Runtime Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC TeleControl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V15 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V15 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V16\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V16\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V17\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V17\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V7.4 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V7.4 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V7.5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V7.5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter 3D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Amesim\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Femap V2020.2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-609880.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Femap V2021.1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-609880.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter System Architect\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter System Simulation Client for Git\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Testlab Data Management\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Testlab\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMIT Simulation Platform\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE pro V EIP (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE proV Ethernet/IP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE pro V PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE pro V PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE pro V PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE proV PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION D (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION D (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION P V4.4 and V4.5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION P V5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS Connect 300\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCM w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCM w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G110M V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G110M V4.7 PN Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G110M w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G110M w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.6 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.8 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V5.1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V5.1 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.6 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.7 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.8 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V5.1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V5.1 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GH150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GH150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GL150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GL150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GM150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GM150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S110 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S110 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S110 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S110 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.6 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.7 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.8 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V5.1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V5.1 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S210 V5.1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S210 V5.1 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S/G Control Unit w. PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS SL150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS SL150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS SM120 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS SM120 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS V90 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS V90 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEC INS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEC NMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEC-NMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEC NMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-654775.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Server V14\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 808D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D HW PU.4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D V4.5 and prior\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D V4.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl V4.5 and prior\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl V4.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK MC MCU 1720\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK ONE NCU 1740\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK ONE PPU 1740\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK OPC UA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK OPC UA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK Operate\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiPass integrated V2.80\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiPass integrated V2.85\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1543SP-1 ISEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1543SP-1 ISEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1 Lean\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1 RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1 RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1 RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS TIM 1531 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS TIM 1531 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIRIUS ACT 3SU1 interface module PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIRIUS Motor Starter M200D PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIRIUS Soft Starter 3RW44 PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIRIUS Soft Starter 3RW44 PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP Manager\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP PSU8600 PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP PSU8600\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP UPS1600 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP UPS1600 PROFINET (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Command\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Control Pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Identity V1.5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Identity V1.6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Vantage\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSOFTNET-IE PNIO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSOFTNET-IE PNIO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSoftnet PROFINET IO for PC-based Windows systems\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSolid Edge CAM Pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSolid Edge Harness Design\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSolid Edge SE2021\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSolid Edge SE2022\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSpectrum Power 4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSpectrum Power 4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-831168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSpectrum Power 7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSPPA-T3000 SeS3000 Security Server (6DU7054-0..00-..A0)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-714170.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Active Workspace\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Briefcase Browser\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Data Share Manager\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Deployment Center\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Dispatcher Service\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter EDA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter FMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Integration for CATIA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Integration Framework\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter MBSE Gateway\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Mendix Connector\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Microservices Framework\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Polarion Integration\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Rapid Start\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V11\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V12.2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V12.3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V12.4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V13\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Retail Footwear and Apparel\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Security Services\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Supplier Collaboration\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter System Modeling Workbench\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Technical Publishing\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Visualization V12.4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Visualization V13.1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Visualization V13.2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Visualization V13.3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix eBOP Manager Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Intosite\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Plant Simulation\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Process Designer\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Process Simulate\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Process Simulate VCLite\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix RobotExpert\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeleControl Server Basic\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIA Administrator\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIA Administrator\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 3V-IE Advanced (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 3V-IE DNP3 (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 3V-IE (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 4R-IE DNP3 (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 4R-IE (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eValor Parts Library - VPL Direct\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eValor Parts Library - VPL Server or Service\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eVeSys\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise VX.2.10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise VX.2.6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise VX.2.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise VX.2.8\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise (XCR) VX.2.10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging VX.2.10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging VX.2.6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging VX.2.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging VX.2.8\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging (XCR) VX.2.10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/table\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-40360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40360"
    },
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2021-37186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37186"
    },
    {
      "name": "CVE-2020-26139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
    },
    {
      "name": "CVE-2016-4956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4956"
    },
    {
      "name": "CVE-2021-37198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37198"
    },
    {
      "name": "CVE-2016-4953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
    },
    {
      "name": "CVE-2021-40363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40363"
    },
    {
      "name": "CVE-2021-46151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46151"
    },
    {
      "name": "CVE-2021-44018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44018"
    },
    {
      "name": "CVE-2022-23312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23312"
    },
    {
      "name": "CVE-2021-41990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41990"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2021-46161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46161"
    },
    {
      "name": "CVE-2021-41991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41991"
    },
    {
      "name": "CVE-2021-46160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46160"
    },
    {
      "name": "CVE-2022-23102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23102"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2019-13933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13933"
    },
    {
      "name": "CVE-2019-8460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8460"
    },
    {
      "name": "CVE-2019-6575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6575"
    },
    {
      "name": "CVE-2020-26146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26146"
    },
    {
      "name": "CVE-2020-26143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26143"
    },
    {
      "name": "CVE-2019-6568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6568"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2015-7705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
    },
    {
      "name": "CVE-2021-46156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46156"
    },
    {
      "name": "CVE-2021-37197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37197"
    },
    {
      "name": "CVE-2016-7433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
    },
    {
      "name": "CVE-2021-37194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37194"
    },
    {
      "name": "CVE-2021-46153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46153"
    },
    {
      "name": "CVE-2016-4955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4955"
    },
    {
      "name": "CVE-2015-7853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7853"
    },
    {
      "name": "CVE-2021-46152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46152"
    },
    {
      "name": "CVE-2017-2680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2680"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2020-12360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12360"
    },
    {
      "name": "CVE-2016-4954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
    },
    {
      "name": "CVE-2020-24588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
    },
    {
      "name": "CVE-2021-37185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37185"
    },
    {
      "name": "CVE-2021-46154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46154"
    },
    {
      "name": "CVE-2020-26140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26140"
    },
    {
      "name": "CVE-2021-37195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37195"
    },
    {
      "name": "CVE-2020-8703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8703"
    },
    {
      "name": "CVE-2019-10936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10936"
    },
    {
      "name": "CVE-2020-12357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12357"
    },
    {
      "name": "CVE-2021-46159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46159"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2017-12741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12741"
    },
    {
      "name": "CVE-2021-40358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40358"
    },
    {
      "name": "CVE-2019-10923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10923"
    },
    {
      "name": "CVE-2021-43336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43336"
    },
    {
      "name": "CVE-2020-26144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26144"
    },
    {
      "name": "CVE-2021-44000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44000"
    },
    {
      "name": "CVE-2021-20094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20094"
    },
    {
      "name": "CVE-2020-24513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2021-20093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20093"
    },
    {
      "name": "CVE-2021-38405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38405"
    },
    {
      "name": "CVE-2020-24507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24507"
    },
    {
      "name": "CVE-2021-46155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46155"
    },
    {
      "name": "CVE-2020-13987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13987"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2020-12358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12358"
    },
    {
      "name": "CVE-2021-37196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37196"
    },
    {
      "name": "CVE-2021-40364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40364"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2020-26147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
    },
    {
      "name": "CVE-2021-37204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37204"
    },
    {
      "name": "CVE-2019-19300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19300"
    },
    {
      "name": "CVE-2019-13946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
    },
    {
      "name": "CVE-2019-10942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10942"
    },
    {
      "name": "CVE-2020-8670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8670"
    },
    {
      "name": "CVE-2017-2681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2681"
    },
    {
      "name": "CVE-2016-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
    },
    {
      "name": "CVE-2020-8704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8704"
    },
    {
      "name": "CVE-2020-28400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28400"
    },
    {
      "name": "CVE-2021-46158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46158"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2020-26141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26141"
    },
    {
      "name": "CVE-2020-24486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24486"
    },
    {
      "name": "CVE-2020-24506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24506"
    },
    {
      "name": "CVE-2021-46157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46157"
    },
    {
      "name": "CVE-2021-45106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45106"
    },
    {
      "name": "CVE-2020-24512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
    },
    {
      "name": "CVE-2020-17437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17437"
    },
    {
      "name": "CVE-2021-44016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44016"
    },
    {
      "name": "CVE-2020-24511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
    },
    {
      "name": "CVE-2021-40359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40359"
    },
    {
      "name": "CVE-2021-37205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37205"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    },
    {
      "name": "CVE-2017-6458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6458"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    },
    {
      "name": "CVE-2019-19301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19301"
    },
    {
      "name": "CVE-2016-9042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9042"
    },
    {
      "name": "CVE-2020-26145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-124",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-541018 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-541018.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-914168 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-914168.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-309571 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-309571.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-675303 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-675303.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-244969 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-244969.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-654775 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-654775.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-316383 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-316383.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-100232 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-100232.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-480230 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-480230.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-978220.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-840188 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-840188.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-211752 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-211752.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-772220 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-772220.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-539476 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-539476.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-599968 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-599968.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-443566 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-443566.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-995338 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-995338.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-462066 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-462066.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-102233 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-102233.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-301589 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-301589.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-669737 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-669737.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-609880 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-609880.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssb-439005 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssb-439005.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-473245 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-831168 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-831168.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-593272 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-593272.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-838121 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-838121.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-307392 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-307392.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-349422 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-346262 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-346262.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-293562 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-913875 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html"
    }
  ]
}

CERTFR-2022-AVI-016

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP Enterprise Continuous Testing by Tricentis
SAP	N/A	SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106
SAP	N/A	SAP Edge Services Cloud Edition
SAP	N/A	SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750
SAP	N/A	SAP Internet of Things Edge Platform
SAP	N/A	SAP Cloud for Customer (complément pour le client Lotus notes)
SAP	N/A	SAP NetWeaver AS for ABAP and ABAP Platform versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 786
SAP	N/A	SAP Connected Health Platform 2.0 - Fhirserver
SAP	N/A	SAP HANA XS Advanced Cockpit
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9
SAP	N/A	SAP Reference Template for enabling ingestion and persistence of time series data in Azure
SAP	N/A	SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)
SAP	N/A	SAP BTP Cloud Foundry
SAP	N/A	SAP HANA XS Advanced
SAP	N/A	SAP Cloud-to-Cloud Interoperability
SAP	N/A	SAP Digital Manufacturing Cloud for Edge Computing
SAP	N/A	SAP Enterprise Threat Detection version 2.0
SAP	N/A	SAP NetWeaver Process Integration
SAP	N/A	SAP Enable Now Manager
SAP	N/A	SAP Customer Checkout
SAP	N/A	SAP BTP API Management (Tenant Cloning Tool)
SAP	N/A	SAP Edge Services On Premise Edition
SAP	N/A	SAP Business One
SAP	N/A	SAP Business One version 10
SAP	N/A	SAP Landscape Management
SAP	N/A	SAP Localization Hub, digital compliance service for India
SAP	N/A	SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756
SAP	N/A	SAP BTP Kyma

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 11 janvier 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP Enterprise Continuous Testing by Tricentis",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Edge Services Cloud Edition",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Internet of Things Edge Platform",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Cloud for Customer (compl\u00e9ment pour le client Lotus notes)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS for ABAP and ABAP Platform versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 786",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Connected Health Platform 2.0 - Fhirserver",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP HANA XS Advanced Cockpit",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Reference Template for enabling ingestion and persistence of time series data in Azure",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BTP Cloud Foundry",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP HANA XS Advanced",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Cloud-to-Cloud Interoperability",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Digital Manufacturing Cloud for Edge Computing",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Enterprise Threat Detection version 2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver Process Integration",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Enable Now Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Customer Checkout",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BTP API Management (Tenant Cloning Tool)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Edge Services On Premise Edition",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One version 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Landscape Management",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Localization Hub, digital compliance service for India",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BTP Kyma",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44233"
    },
    {
      "name": "CVE-2022-22531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22531"
    },
    {
      "name": "CVE-2021-44235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44235"
    },
    {
      "name": "CVE-2021-42069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42069"
    },
    {
      "name": "CVE-2022-42067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42067"
    },
    {
      "name": "CVE-2021-42070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42070"
    },
    {
      "name": "CVE-2022-22530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22530"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-42068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42068"
    },
    {
      "name": "CVE-2021-44234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44234"
    },
    {
      "name": "CVE-2021-42066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42066"
    },
    {
      "name": "CVE-2022-22529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22529"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-016",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 11 janvier 2022",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"
    }
  ]
}

CERTFR-2022-AVI-1027

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans IBM Db2. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Db2	IBM Db2 versions 11.5.6 et 11.5.7 sans le correctif de sécurité
	IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.8

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6528672 du 11 novembre 2022	None	vendor-advisory
Bulletin de sécurité IBM 6526462 du 11 novembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Db2 versions 11.5.6 et 11.5.7 sans le correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.8",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-1027",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Db2. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Db2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6528672 du 11 novembre 2022",
      "url": "https://www.ibm.com/support/pages/node/6528672"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6526462 du 11 novembre 2022",
      "url": "https://www.ibm.com/support/pages/node/6526462"
    }
  ]
}

CERTFR-2024-AVI-0027

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPView versions versions antérieures à 9.1R5
Juniper Networks	Junos OS Evolved	Junos OS Evolved version antérieures à 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO
Juniper Networks	N/A	Paragon Active Assurance versions antérieures à 3.1.2, 3.2.3, 3.3.2 et 3.4.1
Juniper Networks	Junos OS	Junos OS version antérieures à 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1
Juniper Networks	Session Smart Router	Session Smart Router versions antérieures à SSR-6.2.3-r2
Juniper Networks	N/A	Security Director Insights versions antérieures à 23.1R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA75723 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75741 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75752 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75757 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75730 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75734 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75737 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75721 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75736 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75747 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75758 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA11272 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75727 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75233 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75754 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75753 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75742 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75740 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75748 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75744 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75743 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75738 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75733 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75725 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75755 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75735 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75745 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75729 du 10 janvier 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPView versions versions ant\u00e9rieures \u00e0 9.1R5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved version ant\u00e9rieures \u00e0 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 3.1.2, 3.2.3, 3.3.2 et 3.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS version ant\u00e9rieures \u00e0 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-6.2.3-r2",
      "product": {
        "name": "Session Smart Router",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director Insights versions ant\u00e9rieures \u00e0 23.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-3707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
    },
    {
      "name": "CVE-2024-21602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21602"
    },
    {
      "name": "CVE-2022-41974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
    },
    {
      "name": "CVE-2023-38802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-42720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
    },
    {
      "name": "CVE-2022-30594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
    },
    {
      "name": "CVE-2022-41973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41973"
    },
    {
      "name": "CVE-2023-0461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
    },
    {
      "name": "CVE-2024-21616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21616"
    },
    {
      "name": "CVE-2021-25220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
    },
    {
      "name": "CVE-2023-2235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
    },
    {
      "name": "CVE-2023-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2022-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2023-1281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
    },
    {
      "name": "CVE-2024-21599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21599"
    },
    {
      "name": "CVE-2022-47929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
    },
    {
      "name": "CVE-2022-3628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
    },
    {
      "name": "CVE-2024-21614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21614"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-26464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
    },
    {
      "name": "CVE-2020-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
    },
    {
      "name": "CVE-2021-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
    },
    {
      "name": "CVE-2022-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2024-21607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21607"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2023-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
    },
    {
      "name": "CVE-2019-17571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
    },
    {
      "name": "CVE-2022-39189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
    },
    {
      "name": "CVE-2022-3239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
    },
    {
      "name": "CVE-2022-43750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
    },
    {
      "name": "CVE-2022-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
    },
    {
      "name": "CVE-2023-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2023-20569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
    },
    {
      "name": "CVE-2024-21596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21596"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2021-33656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
    },
    {
      "name": "CVE-2023-1582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
    },
    {
      "name": "CVE-2022-4129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2023-2194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
    },
    {
      "name": "CVE-2024-21604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21604"
    },
    {
      "name": "CVE-2023-32360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
    },
    {
      "name": "CVE-2022-0934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
    },
    {
      "name": "CVE-2020-9493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2022-2196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2022-42896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
    },
    {
      "name": "CVE-2022-21699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
    },
    {
      "name": "CVE-2024-21600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21600"
    },
    {
      "name": "CVE-2021-33655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2022-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
    },
    {
      "name": "CVE-2023-23920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
    },
    {
      "name": "CVE-2023-20593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
    },
    {
      "name": "CVE-2024-21606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21606"
    },
    {
      "name": "CVE-2022-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
    },
    {
      "name": "CVE-2022-41222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2022-23305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
    },
    {
      "name": "CVE-2022-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
    },
    {
      "name": "CVE-2023-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
    },
    {
      "name": "CVE-2024-21591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21591"
    },
    {
      "name": "CVE-2020-12321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
    },
    {
      "name": "CVE-2022-23307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
    },
    {
      "name": "CVE-2022-3524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
    },
    {
      "name": "CVE-2022-39188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
    },
    {
      "name": "CVE-2023-3341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2022-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2022-43945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
    },
    {
      "name": "CVE-2022-3625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2024-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21587"
    },
    {
      "name": "CVE-2022-42721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2022-4254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4254"
    },
    {
      "name": "CVE-2024-21617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21617"
    },
    {
      "name": "CVE-2023-1195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
    },
    {
      "name": "CVE-2024-21589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21589"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
    },
    {
      "name": "CVE-2022-20141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2024-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21595"
    },
    {
      "name": "CVE-2021-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
    },
    {
      "name": "CVE-2021-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
    },
    {
      "name": "CVE-2023-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
    },
    {
      "name": "CVE-2022-22164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22164"
    },
    {
      "name": "CVE-2024-21597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21597"
    },
    {
      "name": "CVE-2021-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
    },
    {
      "name": "CVE-2023-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2021-26341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
    },
    {
      "name": "CVE-2022-38023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2022-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2022-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
    },
    {
      "name": "CVE-2021-0920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
    },
    {
      "name": "CVE-2023-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
    },
    {
      "name": "CVE-2022-25265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25265"
    },
    {
      "name": "CVE-2022-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
    },
    {
      "name": "CVE-2022-2873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
    },
    {
      "name": "CVE-2022-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
    },
    {
      "name": "CVE-2024-21611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
    },
    {
      "name": "CVE-2024-21613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21613"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2024-21612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21612"
    },
    {
      "name": "CVE-2022-42722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
    },
    {
      "name": "CVE-2024-21603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21603"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2024-21585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21585"
    },
    {
      "name": "CVE-2022-23302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2021-44790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
    },
    {
      "name": "CVE-2023-36842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36842"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    },
    {
      "name": "CVE-2024-21594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21594"
    },
    {
      "name": "CVE-2022-3028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
    },
    {
      "name": "CVE-2022-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2022-41674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
    },
    {
      "name": "CVE-2024-21601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21601"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2020-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0027",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75723 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75741 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75752 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75757 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75730 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75734 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75737 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Security-Director-Insights-Multiple-vulnerabilities-in-SDI"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75721 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75736 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-CTPView-Multiple-vulnerabilities-in-CTPView-CVE-yyyy-nnnn"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75747 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75758 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11272 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75727 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-CVE-2024-21589"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75233 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75754 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75753 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75742 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75740 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75748 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75744 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75743 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75738 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75733 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75725 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75755 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75735 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75745 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75729 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591"
    }
  ]
}

CERTFR-2022-AVI-243

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iTunes pour Windows versions antérieures à 12.12.3
Apple	N/A	Xcode versions antérieures à 13.3
Apple	macOS	macOS Catalina sans le correctif de sécurité 2022-003
Apple	N/A	watchOS versions antérieures à 8.5
Apple	macOS	macOS Monterey versions antérieures à 12.3
Apple	N/A	Logic Pro X versions antérieures à 10.7.3
Apple	N/A	iOS et iPadOS versions antérieures à 15.4
Apple	N/A	GarageBand versions antérieures à 10.4.6
Apple	macOS	macOS Big Sur versions antérieures à 11.6.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213191 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213182 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213184 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213185 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213183 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213188 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213190 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213193 du 14 mars 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213189 du 14 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iTunes pour Windows versions ant\u00e9rieures \u00e0 12.12.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2022-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 8.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Logic Pro X versions ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 15.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "GarageBand versions ant\u00e9rieures \u00e0 10.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.6.5",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22653"
    },
    {
      "name": "CVE-2022-22652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22652"
    },
    {
      "name": "CVE-2022-22647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22647"
    },
    {
      "name": "CVE-2022-22659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22659"
    },
    {
      "name": "CVE-2022-22656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22656"
    },
    {
      "name": "CVE-2022-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
    },
    {
      "name": "CVE-2022-22612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22612"
    },
    {
      "name": "CVE-2022-22671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22671"
    },
    {
      "name": "CVE-2022-22643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22643"
    },
    {
      "name": "CVE-2021-4192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
    },
    {
      "name": "CVE-2022-22670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22670"
    },
    {
      "name": "CVE-2022-22651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22651"
    },
    {
      "name": "CVE-2022-22602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22602"
    },
    {
      "name": "CVE-2022-22611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22611"
    },
    {
      "name": "CVE-2022-22626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22626"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2022-22624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22624"
    },
    {
      "name": "CVE-2022-22597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22597"
    },
    {
      "name": "CVE-2022-22648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22648"
    },
    {
      "name": "CVE-2022-22641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22641"
    },
    {
      "name": "CVE-2022-22622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22622"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-22669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22669"
    },
    {
      "name": "CVE-2022-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
    },
    {
      "name": "CVE-2022-22601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22601"
    },
    {
      "name": "CVE-2022-22623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22623"
    },
    {
      "name": "CVE-2022-22614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22614"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2022-22598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22598"
    },
    {
      "name": "CVE-2022-22666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22666"
    },
    {
      "name": "CVE-2022-22618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22618"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2022-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
    },
    {
      "name": "CVE-2022-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22639"
    },
    {
      "name": "CVE-2022-22662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22662"
    },
    {
      "name": "CVE-2022-22638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22638"
    },
    {
      "name": "CVE-2022-22609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22609"
    },
    {
      "name": "CVE-2022-22665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
    },
    {
      "name": "CVE-2022-22600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22600"
    },
    {
      "name": "CVE-2022-22617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22617"
    },
    {
      "name": "CVE-2022-22640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22640"
    },
    {
      "name": "CVE-2022-22642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22642"
    },
    {
      "name": "CVE-2022-22596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22596"
    },
    {
      "name": "CVE-2021-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
    },
    {
      "name": "CVE-2021-36976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
    },
    {
      "name": "CVE-2022-22582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22582"
    },
    {
      "name": "CVE-2022-22605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22605"
    },
    {
      "name": "CVE-2022-22599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22599"
    },
    {
      "name": "CVE-2022-22650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22650"
    },
    {
      "name": "CVE-2022-22625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22625"
    },
    {
      "name": "CVE-2022-22604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22604"
    },
    {
      "name": "CVE-2022-22632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22632"
    },
    {
      "name": "CVE-2022-22660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22660"
    },
    {
      "name": "CVE-2022-22657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22657"
    },
    {
      "name": "CVE-2022-22607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22607"
    },
    {
      "name": "CVE-2022-22627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22627"
    },
    {
      "name": "CVE-2022-22636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22636"
    },
    {
      "name": "CVE-2022-22615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22615"
    },
    {
      "name": "CVE-2022-22634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22634"
    },
    {
      "name": "CVE-2022-22635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22635"
    },
    {
      "name": "CVE-2021-30918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30918"
    },
    {
      "name": "CVE-2022-22621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22621"
    },
    {
      "name": "CVE-2022-22637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22637"
    },
    {
      "name": "CVE-2022-22654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22654"
    },
    {
      "name": "CVE-2022-22606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22606"
    },
    {
      "name": "CVE-2022-22633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22633"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2022-22603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22603"
    },
    {
      "name": "CVE-2022-22616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22616"
    },
    {
      "name": "CVE-2022-22661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22661"
    },
    {
      "name": "CVE-2022-22613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22613"
    },
    {
      "name": "CVE-2022-22610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22610"
    },
    {
      "name": "CVE-2022-22608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22608"
    },
    {
      "name": "CVE-2022-22668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22668"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2022-22628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22628"
    },
    {
      "name": "CVE-2022-22644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22644"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2022-22664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22664"
    },
    {
      "name": "CVE-2022-22667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22667"
    },
    {
      "name": "CVE-2021-46059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
    },
    {
      "name": "CVE-2022-22629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22629"
    },
    {
      "name": "CVE-2021-22945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
    },
    {
      "name": "CVE-2022-22631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22631"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-243",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213191 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213191"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213182 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213182"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213184 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213184"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213185 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213185"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213183 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213183"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213188 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213188"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213190 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213190"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213193 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213193"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213189 du 14 mars 2022",
      "url": "https://support.apple.com/fr-fr/HT213189"
    }
  ]
}

CERTFR-2022-AVI-1027

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans IBM Db2. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Db2	IBM Db2 versions 11.5.6 et 11.5.7 sans le correctif de sécurité
	IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.8

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6528672 du 11 novembre 2022	None	vendor-advisory
Bulletin de sécurité IBM 6526462 du 11 novembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Db2 versions 11.5.6 et 11.5.7 sans le correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.8",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-1027",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Db2. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Db2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6528672 du 11 novembre 2022",
      "url": "https://www.ibm.com/support/pages/node/6528672"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6526462 du 11 novembre 2022",
      "url": "https://www.ibm.com/support/pages/node/6526462"
    }
  ]
}

CERTFR-2022-AVI-717

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Eurotherm Data Reviewer3.0.2 software versions antérieures 4.0.0
N/A	N/A	Modicon Momentum MDI (171CBU*) toutes versions
Schneider Electric	N/A	EcoStruxure Control Expert versions antérieures à 15.2
Symfony	process	EcoStruxure Process Expert versions antérieures à 2021
N/A	N/A	Modicon M580 CPU (BMEP* et BMEH*) versions antérieures à 4.01
Schneider Electric	N/A	Legacy Modicon Quantum toutes versions
N/A	N/A	OPC UA Modicon Communication Module (BMENUA0100) versions antérieures à 2.01
Schneider Electric	N/A	Modicon MC80 (BMKC80) toutes versions
Schneider Electric	Modicon M340	Modicon M340 CPU (BMXP34*) versions antérieures 3.50

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SESB-2021-347-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2019-281-02 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-221-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-193-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-221-03 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-221-02 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2018-081-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-222-04 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-221-04 du 9 août 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Eurotherm Data Reviewer3.0.2 software versions ant\u00e9rieures 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon Momentum MDI (171CBU*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M580 CPU (BMEP* et BMEH*) versions ant\u00e9rieures \u00e0 4.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Legacy Modicon Quantum toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "OPC UA Modicon Communication Module (BMENUA0100) versions ant\u00e9rieures \u00e0 2.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon MC80 (BMKC80) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M340 CPU (BMXP34*) versions ant\u00e9rieures 3.50",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
    },
    {
      "name": "CVE-2022-34760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34760"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2021-22791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
    },
    {
      "name": "CVE-2022-34762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34762"
    },
    {
      "name": "CVE-2019-6841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2021-22790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
    },
    {
      "name": "CVE-2022-37302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37302"
    },
    {
      "name": "CVE-2022-34761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34761"
    },
    {
      "name": "CVE-2022-34759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34759"
    },
    {
      "name": "CVE-2022-37301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
    },
    {
      "name": "CVE-2018-7241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
    },
    {
      "name": "CVE-2021-22786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
    },
    {
      "name": "CVE-2018-7242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
    },
    {
      "name": "CVE-2019-6844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
    },
    {
      "name": "CVE-2019-6842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2022-34764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34764"
    },
    {
      "name": "CVE-2022-34763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34763"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2022-37300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
    },
    {
      "name": "CVE-2021-22789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
    },
    {
      "name": "CVE-2019-6847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
    },
    {
      "name": "CVE-2022-34765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34765"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-22792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
    },
    {
      "name": "CVE-2019-6843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
    },
    {
      "name": "CVE-2018-7240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
    },
    {
      "name": "CVE-2011-4859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-717",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-09T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens",
      "revision_date": "2022-08-22T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens des bulletins de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01, SEVD-2022-221-02 et SEVD-2022-221-04 du 9 ao\u00fbt 2022.",
      "revision_date": "2022-09-08T00:00:00.000000"
    },
    {
      "description": "Ajout du libell\u00e9 [SCADA] dans le titre.",
      "revision_date": "2022-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2021-347-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2021-347-01_Apache_Log4j_Log4Shell_Vulnerabilities_Security_Notification_V14.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-02 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-281-02_Modicon_Controllers_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-01_EcoStruxure_Control_Expert_Modicon580_Security_Notification_V1.1.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-193-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V10.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-03 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-03_EcoStruxure_Control_Expert_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V1.1.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-04 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-222-04_Modicon_PAC_Controllers_PLC_Simulator_Control_Expert_Process_Expert_Security_Notification_V2.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_Security_Notifcation_V4.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-04 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification_V1.1.pdf"
    }
  ]
}

CERTFR-2025-AVI-0756

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 6.0.19+LTS-T
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 10.0.9
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T
VMware	Tanzu Operations Manager	Tanzu Operations Manager versions antérieures à 3.1.2
VMware	Tanzu	Tanzu Scheduler versions antérieures à 2.0.20
VMware	Tanzu	Spring Cloud Services for VMware Tanzu versions antérieures à 3.3.9
VMware	Tanzu	Single Sign-On for VMware Tanzu Application Service versions antérieures à 1.16.12
VMware	Tanzu	Stemcells pour Ubuntu Jammy Azure Light versions antérieures à 1.894
VMware	Tanzu	Stemcells pour Ubuntu Jammy versions antérieures à 1.894
VMware	Tanzu	Tanzu Hub versions antérieures à 10.2.1
VMware	Tanzu	Java Buildpack versions antérieures à 4.84.0
VMware	Tanzu	Tanzu for MySQL on Cloud Foundry versions antérieures à 10.0.2
VMware	Tanzu	Tanzu GemFire versions antérieures à 10.1.4

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36093	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36102	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36101	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36100	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36105	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36091	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36078	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36107	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36094	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36097	2025-09-04	vendor-advisory
Bulletin de sécurité VMware DSA-2025-46	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36108	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36095	2025-09-04	vendor-advisory
Bulletin de sécurité VMware DSA-2025-09	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36096	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36106	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36109	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36098	2025-09-04	vendor-advisory
Bulletin de sécurité VMware DSA-2025-68	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36103	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36099	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36092	2025-09-04	vendor-advisory
Bulletin de sécurité VMware 36110	2025-09-04	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.19+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.0.9",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Operations Manager versions ant\u00e9rieures \u00e0 3.1.2",
      "product": {
        "name": "Tanzu Operations Manager",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Scheduler versions ant\u00e9rieures \u00e0 2.0.20",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Cloud Services for VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.9",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Single Sign-On for VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.12",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells pour Ubuntu Jammy Azure Light versions ant\u00e9rieures \u00e0 1.894",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells pour Ubuntu Jammy versions ant\u00e9rieures \u00e0 1.894",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.2.1",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.84.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu for MySQL on Cloud Foundry versions ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.1.4",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2019-25013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
    },
    {
      "name": "CVE-2025-4088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4088"
    },
    {
      "name": "CVE-2025-6395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
    },
    {
      "name": "CVE-2021-35636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35636"
    },
    {
      "name": "CVE-2013-4235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
    },
    {
      "name": "CVE-2017-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
    },
    {
      "name": "CVE-2025-30681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
    },
    {
      "name": "CVE-2025-0448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0448"
    },
    {
      "name": "CVE-2021-35583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35583"
    },
    {
      "name": "CVE-2025-3032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3032"
    },
    {
      "name": "CVE-2019-2585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2585"
    },
    {
      "name": "CVE-2021-2352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2352"
    },
    {
      "name": "CVE-2024-38807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
    },
    {
      "name": "CVE-2025-37850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37850"
    },
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2021-3236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3236"
    },
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2020-14861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14861"
    },
    {
      "name": "CVE-2025-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0242"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2015-4789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
    },
    {
      "name": "CVE-2021-35639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35639"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2018-3279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3279"
    },
    {
      "name": "CVE-2025-21975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2019-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2982"
    },
    {
      "name": "CVE-2024-46821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
    },
    {
      "name": "CVE-2022-21253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21253"
    },
    {
      "name": "CVE-2025-31115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
    },
    {
      "name": "CVE-2024-10467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10467"
    },
    {
      "name": "CVE-2021-33294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
    },
    {
      "name": "CVE-2022-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21538"
    },
    {
      "name": "CVE-2022-22965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
    },
    {
      "name": "CVE-2024-53203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
    },
    {
      "name": "CVE-2025-5281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5281"
    },
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2019-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2808"
    },
    {
      "name": "CVE-2011-3374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
    },
    {
      "name": "CVE-2025-30689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
    },
    {
      "name": "CVE-2023-3138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2021-35575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35575"
    },
    {
      "name": "CVE-2025-37892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37892"
    },
    {
      "name": "CVE-2025-39728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
    },
    {
      "name": "CVE-2025-37859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37859"
    },
    {
      "name": "CVE-2025-8027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8027"
    },
    {
      "name": "CVE-2025-1372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
    },
    {
      "name": "CVE-2022-21436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21436"
    },
    {
      "name": "CVE-2025-2857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2857"
    },
    {
      "name": "CVE-2025-30715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
    },
    {
      "name": "CVE-2020-14773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14773"
    },
    {
      "name": "CVE-2025-37792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37792"
    },
    {
      "name": "CVE-2023-5841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5841"
    },
    {
      "name": "CVE-2022-46908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
    },
    {
      "name": "CVE-2024-28834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
    },
    {
      "name": "CVE-2021-38604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2025-30682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
    },
    {
      "name": "CVE-2023-22015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22015"
    },
    {
      "name": "CVE-2025-27818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
    },
    {
      "name": "CVE-2019-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2589"
    },
    {
      "name": "CVE-2023-22103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22103"
    },
    {
      "name": "CVE-2022-49728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
    },
    {
      "name": "CVE-2025-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
    },
    {
      "name": "CVE-2022-21418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21418"
    },
    {
      "name": "CVE-2025-5222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
    },
    {
      "name": "CVE-2021-2441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2441"
    },
    {
      "name": "CVE-2025-1939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1939"
    },
    {
      "name": "CVE-2023-21877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
    },
    {
      "name": "CVE-2023-6780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
    },
    {
      "name": "CVE-2020-2921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2921"
    },
    {
      "name": "CVE-2021-2357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2357"
    },
    {
      "name": "CVE-2025-0440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0440"
    },
    {
      "name": "CVE-2024-21207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21207"
    },
    {
      "name": "CVE-2025-22027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22027"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2024-38286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
    },
    {
      "name": "CVE-2024-3220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
    },
    {
      "name": "CVE-2025-4091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4091"
    },
    {
      "name": "CVE-2025-5065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5065"
    },
    {
      "name": "CVE-2025-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0996"
    },
    {
      "name": "CVE-2022-42010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
    },
    {
      "name": "CVE-2015-4787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
    },
    {
      "name": "CVE-2019-2596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2596"
    },
    {
      "name": "CVE-2019-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2879"
    },
    {
      "name": "CVE-2025-0445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0445"
    },
    {
      "name": "CVE-2019-2630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2630"
    },
    {
      "name": "CVE-2025-9308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9308"
    },
    {
      "name": "CVE-2019-2607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2607"
    },
    {
      "name": "CVE-2025-37766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37766"
    },
    {
      "name": "CVE-2022-21522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21522"
    },
    {
      "name": "CVE-2024-10459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10459"
    },
    {
      "name": "CVE-2019-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2495"
    },
    {
      "name": "CVE-2025-21853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
    },
    {
      "name": "CVE-2023-22026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22026"
    },
    {
      "name": "CVE-2025-37844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37844"
    },
    {
      "name": "CVE-2016-0682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
    },
    {
      "name": "CVE-2020-14829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14829"
    },
    {
      "name": "CVE-2020-14576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14576"
    },
    {
      "name": "CVE-2022-21529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21529"
    },
    {
      "name": "CVE-2025-37871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37871"
    },
    {
      "name": "CVE-2023-39017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
    },
    {
      "name": "CVE-2024-46751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46751"
    },
    {
      "name": "CVE-2025-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0434"
    },
    {
      "name": "CVE-2022-21435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21435"
    },
    {
      "name": "CVE-2020-14777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14777"
    },
    {
      "name": "CVE-2021-25220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-21941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
    },
    {
      "name": "CVE-2025-8941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
    },
    {
      "name": "CVE-2019-3003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3003"
    },
    {
      "name": "CVE-2020-14839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14839"
    },
    {
      "name": "CVE-2019-3018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3018"
    },
    {
      "name": "CVE-2021-35623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35623"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2022-21460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
    },
    {
      "name": "CVE-2025-8881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8881"
    },
    {
      "name": "CVE-2019-2993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2993"
    },
    {
      "name": "CVE-2020-2686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2686"
    },
    {
      "name": "CVE-2025-41234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
    },
    {
      "name": "CVE-2021-2170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2170"
    },
    {
      "name": "CVE-2022-21379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21379"
    },
    {
      "name": "CVE-2021-2215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2215"
    },
    {
      "name": "CVE-2020-2752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2752"
    },
    {
      "name": "CVE-2025-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4609"
    },
    {
      "name": "CVE-2024-45339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
    },
    {
      "name": "CVE-2023-53034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
    },
    {
      "name": "CVE-2021-2022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2022"
    },
    {
      "name": "CVE-2024-10461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10461"
    },
    {
      "name": "CVE-2022-21526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21526"
    },
    {
      "name": "CVE-2021-2172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2172"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2022-21528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21528"
    },
    {
      "name": "CVE-2025-23138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
    },
    {
      "name": "CVE-2024-56664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
    },
    {
      "name": "CVE-2025-38152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
    },
    {
      "name": "CVE-2014-4715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
    },
    {
      "name": "CVE-2024-36945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
    },
    {
      "name": "CVE-2021-2299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2299"
    },
    {
      "name": "CVE-2020-2892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2892"
    },
    {
      "name": "CVE-2025-5959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5959"
    },
    {
      "name": "CVE-2024-45772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45772"
    },
    {
      "name": "CVE-2016-2149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2149"
    },
    {
      "name": "CVE-2025-37790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37790"
    },
    {
      "name": "CVE-2020-29562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2015-4776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
    },
    {
      "name": "CVE-2023-21865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
    },
    {
      "name": "CVE-2017-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
    },
    {
      "name": "CVE-2025-27817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
    },
    {
      "name": "CVE-2021-35640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35640"
    },
    {
      "name": "CVE-2024-10464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10464"
    },
    {
      "name": "CVE-2025-22021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
    },
    {
      "name": "CVE-2015-4785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
    },
    {
      "name": "CVE-2020-2853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2853"
    },
    {
      "name": "CVE-2025-37758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37758"
    },
    {
      "name": "CVE-2025-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
    },
    {
      "name": "CVE-2025-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1414"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2018-3170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3170"
    },
    {
      "name": "CVE-2020-2774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2774"
    },
    {
      "name": "CVE-2020-14771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14771"
    },
    {
      "name": "CVE-2025-49146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
    },
    {
      "name": "CVE-2025-3066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3066"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2024-46787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
    },
    {
      "name": "CVE-2019-2685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2685"
    },
    {
      "name": "CVE-2021-2196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2196"
    },
    {
      "name": "CVE-2023-45853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
    },
    {
      "name": "CVE-2024-21197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21197"
    },
    {
      "name": "CVE-2024-47611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
    },
    {
      "name": "CVE-2025-8037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8037"
    },
    {
      "name": "CVE-2025-4918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4918"
    },
    {
      "name": "CVE-2023-21881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
    },
    {
      "name": "CVE-2022-49168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49168"
    },
    {
      "name": "CVE-2020-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14540"
    },
    {
      "name": "CVE-2025-45582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
    },
    {
      "name": "CVE-2024-50125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
    },
    {
      "name": "CVE-2025-37841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37841"
    },
    {
      "name": "CVE-2025-30703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
    },
    {
      "name": "CVE-2025-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
    },
    {
      "name": "CVE-2022-48522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
    },
    {
      "name": "CVE-2025-0439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0439"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2021-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2305"
    },
    {
      "name": "CVE-2025-37770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37770"
    },
    {
      "name": "CVE-2025-37773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37773"
    },
    {
      "name": "CVE-2023-2602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
    },
    {
      "name": "CVE-2021-20304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20304"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2025-4090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4090"
    },
    {
      "name": "CVE-2017-10140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
    },
    {
      "name": "CVE-2022-0667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0667"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2025-22050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
    },
    {
      "name": "CVE-2019-2740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2740"
    },
    {
      "name": "CVE-2025-9180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9180"
    },
    {
      "name": "CVE-2025-8581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8581"
    },
    {
      "name": "CVE-2024-50047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
    },
    {
      "name": "CVE-2025-1919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1919"
    },
    {
      "name": "CVE-2025-39735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
    },
    {
      "name": "CVE-2025-3030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3030"
    },
    {
      "name": "CVE-2025-24813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
    },
    {
      "name": "CVE-2018-1273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1273"
    },
    {
      "name": "CVE-2022-21297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21297"
    },
    {
      "name": "CVE-2023-47100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47100"
    },
    {
      "name": "CVE-2025-37983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37983"
    },
    {
      "name": "CVE-2015-4764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
    },
    {
      "name": "CVE-2020-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2901"
    },
    {
      "name": "CVE-2025-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0241"
    },
    {
      "name": "CVE-2020-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
    },
    {
      "name": "CVE-2015-4779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
    },
    {
      "name": "CVE-2020-2694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2694"
    },
    {
      "name": "CVE-2025-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8034"
    },
    {
      "name": "CVE-2025-37798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
    },
    {
      "name": "CVE-2025-37819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37819"
    },
    {
      "name": "CVE-2025-4664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4664"
    },
    {
      "name": "CVE-2021-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
    },
    {
      "name": "CVE-2025-49794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
    },
    {
      "name": "CVE-2021-35596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35596"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-49710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49710"
    },
    {
      "name": "CVE-2025-22004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
    },
    {
      "name": "CVE-2021-2427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2427"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2021-35624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
    },
    {
      "name": "CVE-2019-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2819"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2024-35867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35867"
    },
    {
      "name": "CVE-2022-21452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21452"
    },
    {
      "name": "CVE-2007-4559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
    },
    {
      "name": "CVE-2021-2164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2164"
    },
    {
      "name": "CVE-2021-2374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2374"
    },
    {
      "name": "CVE-2020-14547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14547"
    },
    {
      "name": "CVE-2025-21839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
    },
    {
      "name": "CVE-2020-14870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14870"
    },
    {
      "name": "CVE-2025-9182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9182"
    },
    {
      "name": "CVE-2021-35612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35612"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-3715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
    },
    {
      "name": "CVE-2023-4016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
    },
    {
      "name": "CVE-2024-22047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22047"
    },
    {
      "name": "CVE-2015-4780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
    },
    {
      "name": "CVE-2025-38023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
    },
    {
      "name": "CVE-2019-2811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2811"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2023-21874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2023-43785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
    },
    {
      "name": "CVE-2025-30696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2019-2774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2774"
    },
    {
      "name": "CVE-2019-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2803"
    },
    {
      "name": "CVE-2008-5727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5727"
    },
    {
      "name": "CVE-2025-1426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1426"
    },
    {
      "name": "CVE-2025-6434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6434"
    },
    {
      "name": "CVE-2020-14785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14785"
    },
    {
      "name": "CVE-2024-46812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
    },
    {
      "name": "CVE-2020-2760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2760"
    },
    {
      "name": "CVE-2025-5066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5066"
    },
    {
      "name": "CVE-2021-2424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2424"
    },
    {
      "name": "CVE-2021-35604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
    },
    {
      "name": "CVE-2025-37789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37789"
    },
    {
      "name": "CVE-2019-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2814"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2019-2606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2606"
    },
    {
      "name": "CVE-2022-3515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
    },
    {
      "name": "CVE-2024-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
    },
    {
      "name": "CVE-2022-21530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21530"
    },
    {
      "name": "CVE-2024-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11698"
    },
    {
      "name": "CVE-2024-46816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
    },
    {
      "name": "CVE-2015-4754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
    },
    {
      "name": "CVE-2020-14891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14891"
    },
    {
      "name": "CVE-2019-2966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2966"
    },
    {
      "name": "CVE-2022-21415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21415"
    },
    {
      "name": "CVE-2023-45322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
    },
    {
      "name": "CVE-2021-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
    },
    {
      "name": "CVE-2022-39046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
    },
    {
      "name": "CVE-2025-21584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
    },
    {
      "name": "CVE-2019-2780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2780"
    },
    {
      "name": "CVE-2025-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5064"
    },
    {
      "name": "CVE-2021-35939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
    },
    {
      "name": "CVE-2021-35537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35537"
    },
    {
      "name": "CVE-2024-38819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2025-37867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37867"
    },
    {
      "name": "CVE-2021-2385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
    },
    {
      "name": "CVE-2019-2530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2530"
    },
    {
      "name": "CVE-2019-2743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2743"
    },
    {
      "name": "CVE-2025-37857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37857"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2023-22007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22007"
    },
    {
      "name": "CVE-2019-2737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2737"
    },
    {
      "name": "CVE-2018-1000169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000169"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2023-21878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
    },
    {
      "name": "CVE-2024-58251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
    },
    {
      "name": "CVE-2025-1931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1931"
    },
    {
      "name": "CVE-2025-0612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0612"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2025-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
    },
    {
      "name": "CVE-2021-2194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
    },
    {
      "name": "CVE-2021-3421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
    },
    {
      "name": "CVE-2015-4790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
    },
    {
      "name": "CVE-2025-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
    },
    {
      "name": "CVE-2025-27144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
    },
    {
      "name": "CVE-2024-6174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
    },
    {
      "name": "CVE-2025-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7656"
    },
    {
      "name": "CVE-2024-7012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7012"
    },
    {
      "name": "CVE-2025-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0237"
    },
    {
      "name": "CVE-2019-2991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2991"
    },
    {
      "name": "CVE-2025-5264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5264"
    },
    {
      "name": "CVE-2025-37927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37927"
    },
    {
      "name": "CVE-2020-14804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14804"
    },
    {
      "name": "CVE-2013-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1548"
    },
    {
      "name": "CVE-2019-2752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2752"
    },
    {
      "name": "CVE-2025-37911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37911"
    },
    {
      "name": "CVE-2024-26686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26686"
    },
    {
      "name": "CVE-2020-2804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2804"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2023-6779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2025-5115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
    },
    {
      "name": "CVE-2025-4085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4085"
    },
    {
      "name": "CVE-2022-21302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21302"
    },
    {
      "name": "CVE-2021-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2412"
    },
    {
      "name": "CVE-2019-2997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2997"
    },
    {
      "name": "CVE-2025-3028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3028"
    },
    {
      "name": "CVE-2019-2746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2746"
    },
    {
      "name": "CVE-2025-9181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9181"
    },
    {
      "name": "CVE-2025-6192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6192"
    },
    {
      "name": "CVE-2025-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2817"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2025-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5268"
    },
    {
      "name": "CVE-2022-21589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2022-21517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21517"
    },
    {
      "name": "CVE-2019-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3004"
    },
    {
      "name": "CVE-2024-53144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
    },
    {
      "name": "CVE-2015-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2025-38637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
    },
    {
      "name": "CVE-2019-2826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2826"
    },
    {
      "name": "CVE-2024-53128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
    },
    {
      "name": "CVE-2024-21198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21198"
    },
    {
      "name": "CVE-2020-2928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2928"
    },
    {
      "name": "CVE-2025-37930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37930"
    },
    {
      "name": "CVE-2019-2914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2914"
    },
    {
      "name": "CVE-2020-14844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14844"
    },
    {
      "name": "CVE-2025-22055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
    },
    {
      "name": "CVE-2021-20266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
    },
    {
      "name": "CVE-2025-37810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37810"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2020-2770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2770"
    },
    {
      "name": "CVE-2021-35608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35608"
    },
    {
      "name": "CVE-2025-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
    },
    {
      "name": "CVE-2024-12798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
    },
    {
      "name": "CVE-2021-2201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2201"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2025-5372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
    },
    {
      "name": "CVE-2008-5729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5729"
    },
    {
      "name": "CVE-2022-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
    },
    {
      "name": "CVE-2023-21883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
    },
    {
      "name": "CVE-2025-27210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2015-2654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
    },
    {
      "name": "CVE-2019-2617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2617"
    },
    {
      "name": "CVE-2024-21201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21201"
    },
    {
      "name": "CVE-2021-35647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35647"
    },
    {
      "name": "CVE-2020-14559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14559"
    },
    {
      "name": "CVE-2025-23159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23159"
    },
    {
      "name": "CVE-2025-1932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1932"
    },
    {
      "name": "CVE-2015-4778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
    },
    {
      "name": "CVE-2022-21539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21539"
    },
    {
      "name": "CVE-2025-3072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3072"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-0451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0451"
    },
    {
      "name": "CVE-2022-21440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21440"
    },
    {
      "name": "CVE-2023-21977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
    },
    {
      "name": "CVE-2025-48060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
    },
    {
      "name": "CVE-2020-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2761"
    },
    {
      "name": "CVE-2022-21531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21531"
    },
    {
      "name": "CVE-2024-10458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10458"
    },
    {
      "name": "CVE-2024-10463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10463"
    },
    {
      "name": "CVE-2021-2300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2300"
    },
    {
      "name": "CVE-2022-21304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
    },
    {
      "name": "CVE-2024-10468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10468"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
    },
    {
      "name": "CVE-2020-14873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14873"
    },
    {
      "name": "CVE-2022-49636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
    },
    {
      "name": "CVE-2023-4813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
    },
    {
      "name": "CVE-2017-3617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
    },
    {
      "name": "CVE-2024-11703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11703"
    },
    {
      "name": "CVE-2021-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
    },
    {
      "name": "CVE-2019-2626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2626"
    },
    {
      "name": "CVE-2025-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1010"
    },
    {
      "name": "CVE-2022-21479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21479"
    },
    {
      "name": "CVE-2025-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
    },
    {
      "name": "CVE-2024-49960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
    },
    {
      "name": "CVE-2017-3615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
    },
    {
      "name": "CVE-2023-28320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
    },
    {
      "name": "CVE-2025-37741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37741"
    },
    {
      "name": "CVE-2025-30683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
    },
    {
      "name": "CVE-2025-30699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
    },
    {
      "name": "CVE-2023-46129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46129"
    },
    {
      "name": "CVE-2024-10460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10460"
    },
    {
      "name": "CVE-2024-4030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
    },
    {
      "name": "CVE-2025-27587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
    },
    {
      "name": "CVE-2019-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3009"
    },
    {
      "name": "CVE-2021-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
    },
    {
      "name": "CVE-2025-8880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8880"
    },
    {
      "name": "CVE-2020-2679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2679"
    },
    {
      "name": "CVE-2019-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2938"
    },
    {
      "name": "CVE-2025-37912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37912"
    },
    {
      "name": "CVE-2023-22070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22070"
    },
    {
      "name": "CVE-2023-39810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39810"
    },
    {
      "name": "CVE-2021-2014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2014"
    },
    {
      "name": "CVE-2021-2230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2230"
    },
    {
      "name": "CVE-2023-21875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
    },
    {
      "name": "CVE-2025-37985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37985"
    },
    {
      "name": "CVE-2022-21515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21515"
    },
    {
      "name": "CVE-2025-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2020-2897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2897"
    },
    {
      "name": "CVE-2025-37787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37787"
    },
    {
      "name": "CVE-2025-1920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
    },
    {
      "name": "CVE-2025-6297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
    },
    {
      "name": "CVE-2025-22035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
    },
    {
      "name": "CVE-2025-4089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4089"
    },
    {
      "name": "CVE-2024-58093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
    },
    {
      "name": "CVE-2020-2574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2574"
    },
    {
      "name": "CVE-2017-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
    },
    {
      "name": "CVE-2020-14769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14769"
    },
    {
      "name": "CVE-2025-47268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
    },
    {
      "name": "CVE-2022-21527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21527"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2024-31047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31047"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2023-28484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
    },
    {
      "name": "CVE-2019-2708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
    },
    {
      "name": "CVE-2016-0692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
    },
    {
      "name": "CVE-2016-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2160"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2025-9179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9179"
    },
    {
      "name": "CVE-2021-23169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23169"
    },
    {
      "name": "CVE-2023-46219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
    },
    {
      "name": "CVE-2023-47038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
    },
    {
      "name": "CVE-2021-35635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35635"
    },
    {
      "name": "CVE-2025-3068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3068"
    },
    {
      "name": "CVE-2025-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3619"
    },
    {
      "name": "CVE-2023-5981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
    },
    {
      "name": "CVE-2025-3031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3031"
    },
    {
      "name": "CVE-2020-10878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2025-1016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1016"
    },
    {
      "name": "CVE-2015-4782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
    },
    {
      "name": "CVE-2025-4096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4096"
    },
    {
      "name": "CVE-2025-21959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
    },
    {
      "name": "CVE-2024-38809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
    },
    {
      "name": "CVE-2021-35610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35610"
    },
    {
      "name": "CVE-2017-3610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2021-2429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2429"
    },
    {
      "name": "CVE-2025-5915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
    },
    {
      "name": "CVE-2024-11700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11700"
    },
    {
      "name": "CVE-2024-11708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11708"
    },
    {
      "name": "CVE-2025-38024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
    },
    {
      "name": "CVE-2020-2922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2922"
    },
    {
      "name": "CVE-2020-2660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2660"
    },
    {
      "name": "CVE-2022-49063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49063"
    },
    {
      "name": "CVE-2024-21213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21213"
    },
    {
      "name": "CVE-2025-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
    },
    {
      "name": "CVE-2023-35116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
    },
    {
      "name": "CVE-2019-2969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2969"
    },
    {
      "name": "CVE-2025-0247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0247"
    },
    {
      "name": "CVE-2025-5263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5263"
    },
    {
      "name": "CVE-2017-12195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12195"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2025-37889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
    },
    {
      "name": "CVE-2021-35602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35602"
    },
    {
      "name": "CVE-2015-4788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
    },
    {
      "name": "CVE-2021-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
    },
    {
      "name": "CVE-2024-11701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11701"
    },
    {
      "name": "CVE-2023-21872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
    },
    {
      "name": "CVE-2025-0443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0443"
    },
    {
      "name": "CVE-2025-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1019"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2025-21981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2021-35577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35577"
    },
    {
      "name": "CVE-2025-6965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
    },
    {
      "name": "CVE-2020-14869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14869"
    },
    {
      "name": "CVE-2021-35646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35646"
    },
    {
      "name": "CVE-2022-21303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
    },
    {
      "name": "CVE-2024-11584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2020-2579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2579"
    },
    {
      "name": "CVE-2019-2778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2778"
    },
    {
      "name": "CVE-2020-2981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
    },
    {
      "name": "CVE-2025-4052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4052"
    },
    {
      "name": "CVE-2025-1941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1941"
    },
    {
      "name": "CVE-2019-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2625"
    },
    {
      "name": "CVE-2024-21219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21219"
    },
    {
      "name": "CVE-2025-8044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8044"
    },
    {
      "name": "CVE-2021-35607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35607"
    },
    {
      "name": "CVE-2019-2957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2957"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2021-35625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35625"
    },
    {
      "name": "CVE-2025-38005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2025-22014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
    },
    {
      "name": "CVE-2024-21194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21194"
    },
    {
      "name": "CVE-2021-2174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
    },
    {
      "name": "CVE-2025-7657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7657"
    },
    {
      "name": "CVE-2019-2494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2494"
    },
    {
      "name": "CVE-2025-8041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8041"
    },
    {
      "name": "CVE-2016-3418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
    },
    {
      "name": "CVE-2022-29824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2019-2911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2911"
    },
    {
      "name": "CVE-2019-2802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2802"
    },
    {
      "name": "CVE-2022-21414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21414"
    },
    {
      "name": "CVE-2025-32462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
    },
    {
      "name": "CVE-2021-2203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2203"
    },
    {
      "name": "CVE-2019-2536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2536"
    },
    {
      "name": "CVE-2025-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3620"
    },
    {
      "name": "CVE-2021-2208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2208"
    },
    {
      "name": "CVE-2019-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2923"
    },
    {
      "name": "CVE-2022-49535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49535"
    },
    {
      "name": "CVE-2024-21196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21196"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2024-21742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
    },
    {
      "name": "CVE-2015-2656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
    },
    {
      "name": "CVE-2022-21617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
    },
    {
      "name": "CVE-2021-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2422"
    },
    {
      "name": "CVE-2020-14790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14790"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2025-23158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23158"
    },
    {
      "name": "CVE-2025-21996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
    },
    {
      "name": "CVE-2022-21358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21358"
    },
    {
      "name": "CVE-2017-3612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
    },
    {
      "name": "CVE-2025-23144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23144"
    },
    {
      "name": "CVE-2025-37969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
    },
    {
      "name": "CVE-2024-21199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21199"
    },
    {
      "name": "CVE-2019-2967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2967"
    },
    {
      "name": "CVE-2018-3186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3186"
    },
    {
      "name": "CVE-2022-48893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
    },
    {
      "name": "CVE-2025-6435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6435"
    },
    {
      "name": "CVE-2023-31439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
    },
    {
      "name": "CVE-2023-51074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
    },
    {
      "name": "CVE-2024-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11692"
    },
    {
      "name": "CVE-2020-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2930"
    },
    {
      "name": "CVE-2025-37742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37742"
    },
    {
      "name": "CVE-2025-23136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
    },
    {
      "name": "CVE-2022-21608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
    },
    {
      "name": "CVE-2025-37785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
    },
    {
      "name": "CVE-2021-2354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2354"
    },
    {
      "name": "CVE-2025-37765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37765"
    },
    {
      "name": "CVE-2025-48964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
    },
    {
      "name": "CVE-2025-21574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
    },
    {
      "name": "CVE-2022-42011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
    },
    {
      "name": "CVE-2023-5189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5189"
    },
    {
      "name": "CVE-2025-21957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
    },
    {
      "name": "CVE-2025-8901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8901"
    },
    {
      "name": "CVE-2025-1020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1020"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2025-30258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
    },
    {
      "name": "CVE-2025-21999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
    },
    {
      "name": "CVE-2021-2367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2367"
    },
    {
      "name": "CVE-2025-0446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0446"
    },
    {
      "name": "CVE-2024-56406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
    },
    {
      "name": "CVE-2021-35626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35626"
    },
    {
      "name": "CVE-2019-2535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2535"
    },
    {
      "name": "CVE-2025-23161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23161"
    },
    {
      "name": "CVE-2025-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0435"
    },
    {
      "name": "CVE-2021-2384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2384"
    },
    {
      "name": "CVE-2015-4784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
    },
    {
      "name": "CVE-2020-14799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14799"
    },
    {
      "name": "CVE-2023-4527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
    },
    {
      "name": "CVE-2025-5278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
    },
    {
      "name": "CVE-2025-37803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37803"
    },
    {
      "name": "CVE-2025-21992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
    },
    {
      "name": "CVE-2021-35632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35632"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2023-34055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
    },
    {
      "name": "CVE-2024-56433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
    },
    {
      "name": "CVE-2019-2796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2796"
    },
    {
      "name": "CVE-2025-37824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37824"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2022-21342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21342"
    },
    {
      "name": "CVE-2023-4156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4156"
    },
    {
      "name": "CVE-2025-21580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
    },
    {
      "name": "CVE-2020-14793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14793"
    },
    {
      "name": "CVE-2025-5318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
    },
    {
      "name": "CVE-2025-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0999"
    },
    {
      "name": "CVE-2025-1921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1921"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2021-2007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2007"
    },
    {
      "name": "CVE-2025-37923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37923"
    },
    {
      "name": "CVE-2012-5783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
    },
    {
      "name": "CVE-2025-8882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8882"
    },
    {
      "name": "CVE-2025-22044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
    },
    {
      "name": "CVE-2019-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2798"
    },
    {
      "name": "CVE-2022-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
    },
    {
      "name": "CVE-2024-53051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
    },
    {
      "name": "CVE-2020-14789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14789"
    },
    {
      "name": "CVE-2025-22062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22062"
    },
    {
      "name": "CVE-2025-21575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
    },
    {
      "name": "CVE-2025-37739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37739"
    },
    {
      "name": "CVE-2021-2389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
    },
    {
      "name": "CVE-2023-21840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
    },
    {
      "name": "CVE-2025-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
    },
    {
      "name": "CVE-2025-8577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8577"
    },
    {
      "name": "CVE-2024-11699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11699"
    },
    {
      "name": "CVE-2019-2789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2789"
    },
    {
      "name": "CVE-2025-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
    },
    {
      "name": "CVE-2020-2893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2893"
    },
    {
      "name": "CVE-2020-14765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14765"
    },
    {
      "name": "CVE-2025-3277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3277"
    },
    {
      "name": "CVE-2018-3137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3137"
    },
    {
      "name": "CVE-2025-21577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
    },
    {
      "name": "CVE-2025-37940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37940"
    },
    {
      "name": "CVE-2022-21270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
    },
    {
      "name": "CVE-2019-2784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2784"
    },
    {
      "name": "CVE-2025-21970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
    },
    {
      "name": "CVE-2025-22056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
    },
    {
      "name": "CVE-2022-42012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
    },
    {
      "name": "CVE-2025-4087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4087"
    },
    {
      "name": "CVE-2025-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
    },
    {
      "name": "CVE-2018-3286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3286"
    },
    {
      "name": "CVE-2021-35648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35648"
    },
    {
      "name": "CVE-2023-21963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
    },
    {
      "name": "CVE-2025-37964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37964"
    },
    {
      "name": "CVE-2025-3033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3033"
    },
    {
      "name": "CVE-2025-8879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8879"
    },
    {
      "name": "CVE-2020-14866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14866"
    },
    {
      "name": "CVE-2024-46742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46742"
    },
    {
      "name": "CVE-2024-50272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
    },
    {
      "name": "CVE-2021-2437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2437"
    },
    {
      "name": "CVE-2025-37915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37915"
    },
    {
      "name": "CVE-2021-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2015-2626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
    },
    {
      "name": "CVE-2025-23146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23146"
    },
    {
      "name": "CVE-2021-2193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2193"
    },
    {
      "name": "CVE-2024-11395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11395"
    },
    {
      "name": "CVE-2020-2577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2577"
    },
    {
      "name": "CVE-2025-23142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23142"
    },
    {
      "name": "CVE-2020-10029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
    },
    {
      "name": "CVE-2025-7425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
    },
    {
      "name": "CVE-2019-2758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2758"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2019-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2810"
    },
    {
      "name": "CVE-2024-35790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
    },
    {
      "name": "CVE-2025-37738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
    },
    {
      "name": "CVE-2023-29469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
    },
    {
      "name": "CVE-2025-2137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2025-5419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5419"
    },
    {
      "name": "CVE-2021-2418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2418"
    },
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2025-37830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37830"
    },
    {
      "name": "CVE-2019-2631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2631"
    },
    {
      "name": "CVE-2019-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2805"
    },
    {
      "name": "CVE-2025-37991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37991"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2023-21866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
    },
    {
      "name": "CVE-2021-2411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2411"
    },
    {
      "name": "CVE-2020-2790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2790"
    },
    {
      "name": "CVE-2023-52572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52572"
    },
    {
      "name": "CVE-2019-2623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2623"
    },
    {
      "name": "CVE-2024-12801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
    },
    {
      "name": "CVE-2025-37781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37781"
    },
    {
      "name": "CVE-2025-6557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6557"
    },
    {
      "name": "CVE-2024-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
    },
    {
      "name": "CVE-2015-4781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
    },
    {
      "name": "CVE-2021-35597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35597"
    },
    {
      "name": "CVE-2025-1916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1916"
    },
    {
      "name": "CVE-2025-37797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
    },
    {
      "name": "CVE-2025-23145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23145"
    },
    {
      "name": "CVE-2021-2425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2425"
    },
    {
      "name": "CVE-2025-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1006"
    },
    {
      "name": "CVE-2021-2390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
    },
    {
      "name": "CVE-2022-21553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21553"
    },
    {
      "name": "CVE-2022-21451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
    },
    {
      "name": "CVE-2021-3999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
    },
    {
      "name": "CVE-2012-6153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2025-37823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37823"
    },
    {
      "name": "CVE-2022-21301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21301"
    },
    {
      "name": "CVE-2021-2001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2001"
    },
    {
      "name": "CVE-2024-27402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27402"
    },
    {
      "name": "CVE-2021-2144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
    },
    {
      "name": "CVE-2025-8582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8582"
    },
    {
      "name": "CVE-2022-21264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21264"
    },
    {
      "name": "CVE-2020-14836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14836"
    },
    {
      "name": "CVE-2021-3875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3875"
    },
    {
      "name": "CVE-2021-2444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2444"
    },
    {
      "name": "CVE-2025-1933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1933"
    },
    {
      "name": "CVE-2024-2004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
    },
    {
      "name": "CVE-2017-3605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
    },
    {
      "name": "CVE-2025-23165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
    },
    {
      "name": "CVE-2022-40303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
    },
    {
      "name": "CVE-2019-2785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2785"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2024-6763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
    },
    {
      "name": "CVE-2025-1942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1942"
    },
    {
      "name": "CVE-2025-0239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0239"
    },
    {
      "name": "CVE-2021-2301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2301"
    },
    {
      "name": "CVE-2019-2797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2797"
    },
    {
      "name": "CVE-2020-2903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2903"
    },
    {
      "name": "CVE-2020-10543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
    },
    {
      "name": "CVE-2022-21362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21362"
    },
    {
      "name": "CVE-2021-35628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35628"
    },
    {
      "name": "CVE-2025-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
    },
    {
      "name": "CVE-2025-5265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5265"
    },
    {
      "name": "CVE-2024-11697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11697"
    },
    {
      "name": "CVE-2025-30705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
    },
    {
      "name": "CVE-2025-22005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
    },
    {
      "name": "CVE-2021-4122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4122"
    },
    {
      "name": "CVE-2025-37740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37740"
    },
    {
      "name": "CVE-2019-2686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2686"
    },
    {
      "name": "CVE-2021-2154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
    },
    {
      "name": "CVE-2019-10744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
    },
    {
      "name": "CVE-2021-2399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2399"
    },
    {
      "name": "CVE-2025-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
    },
    {
      "name": "CVE-2025-3067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3067"
    },
    {
      "name": "CVE-2020-2627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2627"
    },
    {
      "name": "CVE-2022-21509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21509"
    },
    {
      "name": "CVE-2025-50088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
    },
    {
      "name": "CVE-2005-2541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2541"
    },
    {
      "name": "CVE-2025-37829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37829"
    },
    {
      "name": "CVE-2025-46394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
    },
    {
      "name": "CVE-2025-6170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
    },
    {
      "name": "CVE-2021-35937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
    },
    {
      "name": "CVE-2023-22028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
    },
    {
      "name": "CVE-2019-2946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2946"
    },
    {
      "name": "CVE-2025-8578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8578"
    },
    {
      "name": "CVE-2020-14888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14888"
    },
    {
      "name": "CVE-2025-8039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8039"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2025-22010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
    },
    {
      "name": "CVE-2024-25260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
    },
    {
      "name": "CVE-2025-23151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23151"
    },
    {
      "name": "CVE-2017-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
    },
    {
      "name": "CVE-2025-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
    },
    {
      "name": "CVE-2025-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1011"
    },
    {
      "name": "CVE-2017-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
    },
    {
      "name": "CVE-2021-2010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2010"
    },
    {
      "name": "CVE-2024-53427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
    },
    {
      "name": "CVE-2025-43857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
    },
    {
      "name": "CVE-2021-35546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35546"
    },
    {
      "name": "CVE-2021-2298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2298"
    },
    {
      "name": "CVE-2023-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
    },
    {
      "name": "CVE-2025-0442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0442"
    },
    {
      "name": "CVE-2025-37796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37796"
    },
    {
      "name": "CVE-2019-2694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2694"
    },
    {
      "name": "CVE-2025-8580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8580"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-1930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1930"
    },
    {
      "name": "CVE-2020-14809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14809"
    },
    {
      "name": "CVE-2022-2309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2021-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2339"
    },
    {
      "name": "CVE-2025-54988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
    },
    {
      "name": "CVE-2025-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0997"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2015-4777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
    },
    {
      "name": "CVE-2020-14550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14550"
    },
    {
      "name": "CVE-2021-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
    },
    {
      "name": "CVE-2025-37883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37883"
    },
    {
      "name": "CVE-2023-0687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
    },
    {
      "name": "CVE-2018-3203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3203"
    },
    {
      "name": "CVE-2025-0441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0441"
    },
    {
      "name": "CVE-2025-37811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37811"
    },
    {
      "name": "CVE-2022-21457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21457"
    },
    {
      "name": "CVE-2023-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
    },
    {
      "name": "CVE-2019-2822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2822"
    },
    {
      "name": "CVE-2019-2502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2502"
    },
    {
      "name": "CVE-2022-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
    },
    {
      "name": "CVE-2024-21212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21212"
    },
    {
      "name": "CVE-2021-32256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2021-2032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2032"
    },
    {
      "name": "CVE-2017-8046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8046"
    },
    {
      "name": "CVE-2019-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2801"
    },
    {
      "name": "CVE-2024-21193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21193"
    },
    {
      "name": "CVE-2024-0553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
    },
    {
      "name": "CVE-2019-3011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3011"
    },
    {
      "name": "CVE-2022-44638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
    },
    {
      "name": "CVE-2025-37767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37767"
    },
    {
      "name": "CVE-2023-21871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
    },
    {
      "name": "CVE-2021-2356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
    },
    {
      "name": "CVE-2020-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2926"
    },
    {
      "name": "CVE-2017-3614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
    },
    {
      "name": "CVE-2020-14846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14846"
    },
    {
      "name": "CVE-2022-21249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21249"
    },
    {
      "name": "CVE-2024-21241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21241"
    },
    {
      "name": "CVE-2025-37989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37989"
    },
    {
      "name": "CVE-2021-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
    },
    {
      "name": "CVE-2019-2436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2436"
    },
    {
      "name": "CVE-2022-21265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21265"
    },
    {
      "name": "CVE-2022-21254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21254"
    },
    {
      "name": "CVE-2025-1009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1009"
    },
    {
      "name": "CVE-2025-9185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9185"
    },
    {
      "name": "CVE-2025-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
    },
    {
      "name": "CVE-2024-11695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11695"
    },
    {
      "name": "CVE-2025-6433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6433"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2019-2513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2513"
    },
    {
      "name": "CVE-2025-32990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
    },
    {
      "name": "CVE-2020-14827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14827"
    },
    {
      "name": "CVE-2025-6427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6427"
    },
    {
      "name": "CVE-2019-2689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2689"
    },
    {
      "name": "CVE-2025-6430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6430"
    },
    {
      "name": "CVE-2019-2747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2747"
    },
    {
      "name": "CVE-2025-4092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4092"
    },
    {
      "name": "CVE-2025-9288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
    },
    {
      "name": "CVE-2020-2904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2904"
    },
    {
      "name": "CVE-2019-2998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2998"
    },
    {
      "name": "CVE-2024-50280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
    },
    {
      "name": "CVE-2021-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
    },
    {
      "name": "CVE-2021-35591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35591"
    },
    {
      "name": "CVE-2025-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2025-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0995"
    },
    {
      "name": "CVE-2025-6429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6429"
    },
    {
      "name": "CVE-2025-4802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
    },
    {
      "name": "CVE-2022-21455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21455"
    },
    {
      "name": "CVE-2024-11704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11704"
    },
    {
      "name": "CVE-2025-21994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
    },
    {
      "name": "CVE-2025-30684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
    },
    {
      "name": "CVE-2022-21413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21413"
    },
    {
      "name": "CVE-2022-0635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0635"
    },
    {
      "name": "CVE-2025-48989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
    },
    {
      "name": "CVE-2022-21372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21372"
    },
    {
      "name": "CVE-2018-3182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3182"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2020-12723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
    },
    {
      "name": "CVE-2023-22032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22032"
    },
    {
      "name": "CVE-2021-3521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
    },
    {
      "name": "CVE-2021-35637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35637"
    },
    {
      "name": "CVE-2022-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
    },
    {
      "name": "CVE-2025-1943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1943"
    },
    {
      "name": "CVE-2025-37768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37768"
    },
    {
      "name": "CVE-2025-5272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5272"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2025-32989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
    },
    {
      "name": "CVE-2021-20298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20298"
    },
    {
      "name": "CVE-2023-21887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2019-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2624"
    },
    {
      "name": "CVE-2021-22055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22055"
    },
    {
      "name": "CVE-2020-2812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2812"
    },
    {
      "name": "CVE-2022-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
    },
    {
      "name": "CVE-2025-6556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6556"
    },
    {
      "name": "CVE-2025-8262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8262"
    },
    {
      "name": "CVE-2024-28085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
    },
    {
      "name": "CVE-2025-1917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1917"
    },
    {
      "name": "CVE-2022-21256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21256"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-37970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
    },
    {
      "name": "CVE-2025-22066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
    },
    {
      "name": "CVE-2019-2687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2687"
    },
    {
      "name": "CVE-2025-8292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8292"
    },
    {
      "name": "CVE-2025-37905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37905"
    },
    {
      "name": "CVE-2025-0444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0444"
    },
    {
      "name": "CVE-2025-21579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
    },
    {
      "name": "CVE-2020-14845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14845"
    },
    {
      "name": "CVE-2025-22007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
    },
    {
      "name": "CVE-2024-34459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
    },
    {
      "name": "CVE-2025-38094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
    },
    {
      "name": "CVE-2024-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
    },
    {
      "name": "CVE-2025-49795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
    },
    {
      "name": "CVE-2022-21556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21556"
    },
    {
      "name": "CVE-2025-4372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4372"
    },
    {
      "name": "CVE-2024-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11691"
    },
    {
      "name": "CVE-2023-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
    },
    {
      "name": "CVE-2015-4775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
    },
    {
      "name": "CVE-2025-37967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
    },
    {
      "name": "CVE-2016-0694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
    },
    {
      "name": "CVE-2020-2896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2896"
    },
    {
      "name": "CVE-2021-2410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2410"
    },
    {
      "name": "CVE-2025-29088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29088"
    },
    {
      "name": "CVE-2021-46848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
    },
    {
      "name": "CVE-2025-6426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6426"
    },
    {
      "name": "CVE-2020-14800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14800"
    },
    {
      "name": "CVE-2025-6558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
    },
    {
      "name": "CVE-2025-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8035"
    },
    {
      "name": "CVE-2025-37885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37885"
    },
    {
      "name": "CVE-2025-38000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
    },
    {
      "name": "CVE-2025-22071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
    },
    {
      "name": "CVE-2025-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
    },
    {
      "name": "CVE-2025-37949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
    },
    {
      "name": "CVE-2024-56751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
    },
    {
      "name": "CVE-2023-21873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
    },
    {
      "name": "CVE-2021-2308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2308"
    },
    {
      "name": "CVE-2024-22365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
    },
    {
      "name": "CVE-2022-21368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21368"
    },
    {
      "name": "CVE-2023-20873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2024-46774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46774"
    },
    {
      "name": "CVE-2025-8579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8579"
    },
    {
      "name": "CVE-2021-2402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2402"
    },
    {
      "name": "CVE-2024-21236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21236"
    },
    {
      "name": "CVE-2025-22075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2024-11705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11705"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2025-38083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
    },
    {
      "name": "CVE-2023-21863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
    },
    {
      "name": "CVE-2020-2763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2763"
    },
    {
      "name": "CVE-2008-5728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5728"
    },
    {
      "name": "CVE-2025-6436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6436"
    },
    {
      "name": "CVE-2015-2583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
    },
    {
      "name": "CVE-2020-14852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14852"
    },
    {
      "name": "CVE-2019-2974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2974"
    },
    {
      "name": "CVE-2023-21876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
    },
    {
      "name": "CVE-2024-11702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11702"
    },
    {
      "name": "CVE-2024-2236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
    },
    {
      "name": "CVE-2023-4039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
    },
    {
      "name": "CVE-2025-45768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
    },
    {
      "name": "CVE-2025-8583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8583"
    },
    {
      "name": "CVE-2025-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4083"
    },
    {
      "name": "CVE-2020-14868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14868"
    },
    {
      "name": "CVE-2020-14814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14814"
    },
    {
      "name": "CVE-2025-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
    },
    {
      "name": "CVE-2020-14837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14837"
    },
    {
      "name": "CVE-2019-2644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2644"
    },
    {
      "name": "CVE-2025-1918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1918"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2020-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2589"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2021-2036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2036"
    },
    {
      "name": "CVE-2024-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21137"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2024-54458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
    },
    {
      "name": "CVE-2022-21417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
    },
    {
      "name": "CVE-2021-2479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2479"
    },
    {
      "name": "CVE-2025-22097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
    },
    {
      "name": "CVE-2024-21239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21239"
    },
    {
      "name": "CVE-2015-4783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
    },
    {
      "name": "CVE-2021-35629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35629"
    },
    {
      "name": "CVE-2020-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2814"
    },
    {
      "name": "CVE-2019-2922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2922"
    },
    {
      "name": "CVE-2015-4774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
    },
    {
      "name": "CVE-2025-37840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37840"
    },
    {
      "name": "CVE-2025-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0243"
    },
    {
      "name": "CVE-2024-26739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26739"
    },
    {
      "name": "CVE-2017-11164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
    },
    {
      "name": "CVE-2025-1935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1935"
    },
    {
      "name": "CVE-2018-3145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3145"
    },
    {
      "name": "CVE-2025-6425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6425"
    },
    {
      "name": "CVE-2025-26519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26519"
    },
    {
      "name": "CVE-2021-2340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2340"
    },
    {
      "name": "CVE-2024-35866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35866"
    },
    {
      "name": "CVE-2022-21437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21437"
    },
    {
      "name": "CVE-2022-21425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21425"
    },
    {
      "name": "CVE-2017-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
    },
    {
      "name": "CVE-2025-49124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
    },
    {
      "name": "CVE-2023-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
    },
    {
      "name": "CVE-2025-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3074"
    },
    {
      "name": "CVE-2022-21537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21537"
    },
    {
      "name": "CVE-2024-10487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10487"
    },
    {
      "name": "CVE-2019-2580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2580"
    },
    {
      "name": "CVE-2023-21867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
    },
    {
      "name": "CVE-2024-0727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
    },
    {
      "name": "CVE-2023-6378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
    },
    {
      "name": "CVE-2024-10041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
    },
    {
      "name": "CVE-2022-21547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21547"
    },
    {
      "name": "CVE-2024-49989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
    },
    {
      "name": "CVE-2019-2587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2587"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2022-34903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
    },
    {
      "name": "CVE-2025-8043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8043"
    },
    {
      "name": "CVE-2022-4899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
    },
    {
      "name": "CVE-2025-5270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5270"
    },
    {
      "name": "CVE-2021-35627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35627"
    },
    {
      "name": "CVE-2025-21956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
    },
    {
      "name": "CVE-2024-36908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36908"
    },
    {
      "name": "CVE-2019-2910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2910"
    },
    {
      "name": "CVE-2020-14539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14539"
    },
    {
      "name": "CVE-2025-37982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37982"
    },
    {
      "name": "CVE-2019-2593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2593"
    },
    {
      "name": "CVE-2025-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
    },
    {
      "name": "CVE-2025-37932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
    },
    {
      "name": "CVE-2022-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
    },
    {
      "name": "CVE-2023-21869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
    },
    {
      "name": "CVE-2025-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-1940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1940"
    },
    {
      "name": "CVE-2025-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
    },
    {
      "name": "CVE-2020-15366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
    },
    {
      "name": "CVE-2023-34969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
    },
    {
      "name": "CVE-2020-22916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
    },
    {
      "name": "CVE-2025-31672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
    },
    {
      "name": "CVE-2019-2963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2963"
    },
    {
      "name": "CVE-2021-2387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2387"
    },
    {
      "name": "CVE-2025-5916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
    },
    {
      "name": "CVE-2022-21348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21348"
    },
    {
      "name": "CVE-2025-30721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
    },
    {
      "name": "CVE-2020-14672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14672"
    },
    {
      "name": "CVE-2021-2293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2293"
    },
    {
      "name": "CVE-2025-37914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37914"
    },
    {
      "name": "CVE-2020-14830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14830"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-41232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
    },
    {
      "name": "CVE-2025-8010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8010"
    },
    {
      "name": "CVE-2021-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2370"
    },
    {
      "name": "CVE-2025-32988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
    },
    {
      "name": "CVE-2024-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
    },
    {
      "name": "CVE-2024-26461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
    },
    {
      "name": "CVE-2025-4082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4082"
    },
    {
      "name": "CVE-2021-35644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35644"
    },
    {
      "name": "CVE-2017-3604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
    },
    {
      "name": "CVE-2022-21592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
    },
    {
      "name": "CVE-2024-38828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2025-37794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37794"
    },
    {
      "name": "CVE-2025-8036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8036"
    },
    {
      "name": "CVE-2021-35631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35631"
    },
    {
      "name": "CVE-2023-4641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
    },
    {
      "name": "CVE-2025-1915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1915"
    },
    {
      "name": "CVE-2025-27113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2023-36054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
    },
    {
      "name": "CVE-2024-26458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
    },
    {
      "name": "CVE-2025-8032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8032"
    },
    {
      "name": "CVE-2022-23218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
    },
    {
      "name": "CVE-2025-23166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
    },
    {
      "name": "CVE-2019-10782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10782"
    },
    {
      "name": "CVE-2024-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11693"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2020-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14893"
    },
    {
      "name": "CVE-2021-35642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35642"
    },
    {
      "name": "CVE-2023-43787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
    },
    {
      "name": "CVE-2019-2948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2948"
    },
    {
      "name": "CVE-2023-43786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
    },
    {
      "name": "CVE-2021-2278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2278"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2019-2924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2924"
    },
    {
      "name": "CVE-2025-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3608"
    },
    {
      "name": "CVE-2021-2226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
    },
    {
      "name": "CVE-2021-25214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2025-24294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
    },
    {
      "name": "CVE-2020-2779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2779"
    },
    {
      "name": "CVE-2025-40909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
    },
    {
      "name": "CVE-2023-21836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
    },
    {
      "name": "CVE-2025-37836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37836"
    },
    {
      "name": "CVE-2025-6432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6432"
    },
    {
      "name": "CVE-2017-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
    },
    {
      "name": "CVE-2024-50258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
    },
    {
      "name": "CVE-2021-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
    },
    {
      "name": "CVE-2025-3029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3029"
    },
    {
      "name": "CVE-2025-1934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1934"
    },
    {
      "name": "CVE-2020-28500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
    },
    {
      "name": "CVE-2020-14794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14794"
    },
    {
      "name": "CVE-2019-2634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2634"
    },
    {
      "name": "CVE-2025-3034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3034"
    },
    {
      "name": "CVE-2024-42322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
    },
    {
      "name": "CVE-2023-22078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22078"
    },
    {
      "name": "CVE-2020-14786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14786"
    },
    {
      "name": "CVE-2023-21870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
    },
    {
      "name": "CVE-2024-46753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
    },
    {
      "name": "CVE-2025-9187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9187"
    },
    {
      "name": "CVE-2021-35638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35638"
    },
    {
      "name": "CVE-2022-21534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21534"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2024-38808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
    },
    {
      "name": "CVE-2025-9183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9183"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2008-5742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5742"
    },
    {
      "name": "CVE-2024-10466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10466"
    },
    {
      "name": "CVE-2021-20193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
    },
    {
      "name": "CVE-2025-37771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37771"
    },
    {
      "name": "CVE-2022-3358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
    },
    {
      "name": "CVE-2019-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2533"
    },
    {
      "name": "CVE-2025-4050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4050"
    },
    {
      "name": "CVE-2025-37998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2025-23163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23163"
    },
    {
      "name": "CVE-2022-35737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
    },
    {
      "name": "CVE-2020-14828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14828"
    },
    {
      "name": "CVE-2025-55668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
    },
    {
      "name": "CVE-2020-8203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
    },
    {
      "name": "CVE-2020-2759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2759"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2025-1937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1937"
    },
    {
      "name": "CVE-2020-14812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14812"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2025-9184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9184"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2022-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
    },
    {
      "name": "CVE-2025-1014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1014"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2025-1013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1013"
    },
    {
      "name": "CVE-2023-31437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
    },
    {
      "name": "CVE-2023-47039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
    },
    {
      "name": "CVE-2025-37757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37757"
    },
    {
      "name": "CVE-2023-21879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
    },
    {
      "name": "CVE-2025-22063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
    },
    {
      "name": "CVE-2025-38177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
    },
    {
      "name": "CVE-2025-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0762"
    },
    {
      "name": "CVE-2016-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
    },
    {
      "name": "CVE-2023-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
    },
    {
      "name": "CVE-2024-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11694"
    },
    {
      "name": "CVE-2023-29383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
    },
    {
      "name": "CVE-2020-2573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2573"
    },
    {
      "name": "CVE-2023-37769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
    },
    {
      "name": "CVE-2022-21444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
    },
    {
      "name": "CVE-2025-1018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1018"
    },
    {
      "name": "CVE-2020-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2806"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2025-38009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2020-14838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14838"
    },
    {
      "name": "CVE-2019-2791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2791"
    },
    {
      "name": "CVE-2025-30687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
    },
    {
      "name": "CVE-2024-2397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2397"
    },
    {
      "name": "CVE-2022-21378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21378"
    },
    {
      "name": "CVE-2025-8040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8040"
    },
    {
      "name": "CVE-2024-10465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10465"
    },
    {
      "name": "CVE-2021-35942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
    },
    {
      "name": "CVE-2025-46701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
    },
    {
      "name": "CVE-2025-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5068"
    },
    {
      "name": "CVE-2025-38001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
    },
    {
      "name": "CVE-2025-32415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2025-37817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37817"
    },
    {
      "name": "CVE-2019-2815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2815"
    },
    {
      "name": "CVE-2025-37838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37838"
    },
    {
      "name": "CVE-2021-2440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2440"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2019-2695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2695"
    },
    {
      "name": "CVE-2021-35634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35634"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2021-2304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2304"
    },
    {
      "name": "CVE-2024-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
    },
    {
      "name": "CVE-2016-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
    },
    {
      "name": "CVE-2021-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
    },
    {
      "name": "CVE-2025-37749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2018-3285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3285"
    },
    {
      "name": "CVE-2019-2738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2738"
    },
    {
      "name": "CVE-2025-1017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1017"
    },
    {
      "name": "CVE-2020-14821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14821"
    },
    {
      "name": "CVE-2024-38541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
    },
    {
      "name": "CVE-2021-2169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
    },
    {
      "name": "CVE-2025-22235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
    },
    {
      "name": "CVE-2023-22084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
    },
    {
      "name": "CVE-2020-2572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2572"
    },
    {
      "name": "CVE-2020-2570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2570"
    },
    {
      "name": "CVE-2025-37756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
    },
    {
      "name": "CVE-2021-2060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2060"
    },
    {
      "name": "CVE-2021-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2417"
    },
    {
      "name": "CVE-2025-3035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3035"
    },
    {
      "name": "CVE-2025-37994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
    },
    {
      "name": "CVE-2025-7339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
    },
    {
      "name": "CVE-2018-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3212"
    },
    {
      "name": "CVE-2020-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2895"
    },
    {
      "name": "CVE-2025-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2022-21569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21569"
    },
    {
      "name": "CVE-2020-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2925"
    },
    {
      "name": "CVE-2021-33574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
    },
    {
      "name": "CVE-2024-38540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2019-2636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2636"
    },
    {
      "name": "CVE-2019-18276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
    },
    {
      "name": "CVE-2025-6424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6424"
    },
    {
      "name": "CVE-2021-3326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
    },
    {
      "name": "CVE-2021-35622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35622"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-21523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
    },
    {
      "name": "CVE-2025-32414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2025-1914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1914"
    },
    {
      "name": "CVE-2025-8029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8029"
    },
    {
      "name": "CVE-2025-5067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5067"
    },
    {
      "name": "CVE-2025-37858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37858"
    },
    {
      "name": "CVE-2023-40403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
    },
    {
      "name": "CVE-2021-2212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2212"
    },
    {
      "name": "CVE-2019-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2691"
    },
    {
      "name": "CVE-2021-2232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2232"
    },
    {
      "name": "CVE-2019-2812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2812"
    },
    {
      "name": "CVE-2025-9132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9132"
    },
    {
      "name": "CVE-2021-35643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35643"
    },
    {
      "name": "CVE-2021-35938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
    },
    {
      "name": "CVE-2025-30704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
    },
    {
      "name": "CVE-2021-2478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2478"
    },
    {
      "name": "CVE-2025-37780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37780"
    },
    {
      "name": "CVE-2025-37995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
    },
    {
      "name": "CVE-2020-16156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
    },
    {
      "name": "CVE-2025-23156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23156"
    },
    {
      "name": "CVE-2025-23157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23157"
    },
    {
      "name": "CVE-2025-8038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8038"
    },
    {
      "name": "CVE-2022-21344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
    },
    {
      "name": "CVE-2021-2481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2481"
    },
    {
      "name": "CVE-2022-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
    },
    {
      "name": "CVE-2019-2739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2739"
    },
    {
      "name": "CVE-2015-2214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2214"
    },
    {
      "name": "CVE-2025-37808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37808"
    },
    {
      "name": "CVE-2017-3606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
    },
    {
      "name": "CVE-2023-20883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2019-2968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2968"
    },
    {
      "name": "CVE-2023-22053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22053"
    },
    {
      "name": "CVE-2025-0438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0438"
    },
    {
      "name": "CVE-2021-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25219"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2025-21963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2024-26462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
    },
    {
      "name": "CVE-2020-14776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14776"
    },
    {
      "name": "CVE-2025-30693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
    },
    {
      "name": "CVE-2025-21585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
    },
    {
      "name": "CVE-2024-42230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
    },
    {
      "name": "CVE-2025-5283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
    },
    {
      "name": "CVE-2022-21367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
    },
    {
      "name": "CVE-2025-37997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2019-2688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2688"
    },
    {
      "name": "CVE-2020-14860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14860"
    },
    {
      "name": "CVE-2025-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
    },
    {
      "name": "CVE-2025-0395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2023-4320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4320"
    },
    {
      "name": "CVE-2025-1922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1922"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2015-4786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
    },
    {
      "name": "CVE-2025-0437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0437"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2022-40304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
    },
    {
      "name": "CVE-2023-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
    },
    {
      "name": "CVE-2025-8028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8028"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-49709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49709"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2024-11706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11706"
    },
    {
      "name": "CVE-2025-4051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4051"
    },
    {
      "name": "CVE-2025-7424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
    },
    {
      "name": "CVE-2017-12629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
    },
    {
      "name": "CVE-2021-35645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35645"
    },
    {
      "name": "CVE-2020-2780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2780"
    },
    {
      "name": "CVE-2025-37805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37805"
    },
    {
      "name": "CVE-2025-5063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5063"
    },
    {
      "name": "CVE-2018-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3195"
    },
    {
      "name": "CVE-2025-3071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3071"
    },
    {
      "name": "CVE-2024-50073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
    },
    {
      "name": "CVE-2020-14567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14567"
    },
    {
      "name": "CVE-2019-2539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2539"
    },
    {
      "name": "CVE-2022-21525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21525"
    },
    {
      "name": "CVE-2025-37990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37990"
    },
    {
      "name": "CVE-2022-21352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21352"
    },
    {
      "name": "CVE-2025-53864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
    },
    {
      "name": "CVE-2025-22089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
    },
    {
      "name": "CVE-2025-8011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8011"
    },
    {
      "name": "CVE-2025-0436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0436"
    },
    {
      "name": "CVE-2023-22114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22114"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2021-27645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
    },
    {
      "name": "CVE-2025-37862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37862"
    },
    {
      "name": "CVE-2024-28835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
    },
    {
      "name": "CVE-2025-0447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0447"
    },
    {
      "name": "CVE-2021-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2213"
    },
    {
      "name": "CVE-2025-49796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
    },
    {
      "name": "CVE-2025-8058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
    },
    {
      "name": "CVE-2024-21209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21209"
    },
    {
      "name": "CVE-2025-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8033"
    },
    {
      "name": "CVE-2021-22570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
    },
    {
      "name": "CVE-2025-37839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37839"
    },
    {
      "name": "CVE-2025-37913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37913"
    },
    {
      "name": "CVE-2023-22097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22097"
    },
    {
      "name": "CVE-2020-2765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2765"
    },
    {
      "name": "CVE-2020-14791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14791"
    },
    {
      "name": "CVE-2023-21880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
    },
    {
      "name": "CVE-2025-8732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
    },
    {
      "name": "CVE-2025-8030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8030"
    },
    {
      "name": "CVE-2024-11696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11696"
    },
    {
      "name": "CVE-2025-22008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
    },
    {
      "name": "CVE-2023-21912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
    },
    {
      "name": "CVE-2008-5730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5730"
    },
    {
      "name": "CVE-2021-2217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2217"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2025-3073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3073"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2019-9658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9658"
    },
    {
      "name": "CVE-2025-6191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6191"
    },
    {
      "name": "CVE-2025-21581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
    },
    {
      "name": "CVE-2022-21454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
    },
    {
      "name": "CVE-2025-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
    },
    {
      "name": "CVE-2018-1196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1196"
    },
    {
      "name": "CVE-2022-21427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
    },
    {
      "name": "CVE-2024-35943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
    },
    {
      "name": "CVE-2025-5271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5271"
    },
    {
      "name": "CVE-2022-21374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21374"
    },
    {
      "name": "CVE-2021-35630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35630"
    },
    {
      "name": "CVE-2025-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6554"
    },
    {
      "name": "CVE-2025-5266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5266"
    },
    {
      "name": "CVE-2023-39615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
    },
    {
      "name": "CVE-2023-52757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
    },
    {
      "name": "CVE-2017-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
    },
    {
      "name": "CVE-2023-31486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
    },
    {
      "name": "CVE-2025-41242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
    },
    {
      "name": "CVE-2025-37851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37851"
    },
    {
      "name": "CVE-2020-14553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14553"
    },
    {
      "name": "CVE-2025-8031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8031"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2022-21462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21462"
    },
    {
      "name": "CVE-2019-2584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2584"
    },
    {
      "name": "CVE-2025-22054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
    },
    {
      "name": "CVE-2019-2635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2635"
    },
    {
      "name": "CVE-2025-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
    },
    {
      "name": "CVE-2022-21478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21478"
    },
    {
      "name": "CVE-2025-29087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29087"
    },
    {
      "name": "CVE-2019-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2693"
    },
    {
      "name": "CVE-2025-21991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
    },
    {
      "name": "CVE-2025-22086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
    },
    {
      "name": "CVE-2019-2741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2741"
    },
    {
      "name": "CVE-2025-46392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
    },
    {
      "name": "CVE-2020-27618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
    },
    {
      "name": "CVE-2022-21370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21370"
    },
    {
      "name": "CVE-2021-2372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
    },
    {
      "name": "CVE-2023-6246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
    },
    {
      "name": "CVE-2021-2426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2426"
    },
    {
      "name": "CVE-2025-22073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
    },
    {
      "name": "CVE-2025-37788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37788"
    },
    {
      "name": "CVE-2025-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1936"
    },
    {
      "name": "CVE-2025-5958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5958"
    },
    {
      "name": "CVE-2022-23219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
    },
    {
      "name": "CVE-2019-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2950"
    },
    {
      "name": "CVE-2025-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0238"
    },
    {
      "name": "CVE-2015-2640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
    },
    {
      "name": "CVE-2025-30685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
    },
    {
      "name": "CVE-2021-35641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35641"
    },
    {
      "name": "CVE-2025-2476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
    },
    {
      "name": "CVE-2019-2620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2620"
    },
    {
      "name": "CVE-2025-30695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
    },
    {
      "name": "CVE-2025-30688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
    },
    {
      "name": "CVE-2025-37881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37881"
    },
    {
      "name": "CVE-2025-21588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21588"
    },
    {
      "name": "CVE-2019-2960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2960"
    },
    {
      "name": "CVE-2025-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0998"
    },
    {
      "name": "CVE-2022-21459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21459"
    },
    {
      "name": "CVE-2023-27537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
    },
    {
      "name": "CVE-2025-37909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37909"
    },
    {
      "name": "CVE-2019-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2795"
    },
    {
      "name": "CVE-2021-2011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2011"
    },
    {
      "name": "CVE-2022-21412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21412"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2022-21245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
    },
    {
      "name": "CVE-2025-21962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2025-37812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37812"
    },
    {
      "name": "CVE-2020-2584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2584"
    },
    {
      "name": "CVE-2025-37875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37875"
    },
    {
      "name": "CVE-2023-42366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
    },
    {
      "name": "CVE-2019-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2834"
    },
    {
      "name": "CVE-2020-14775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14775"
    },
    {
      "name": "CVE-2022-21438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21438"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2020-14760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14760"
    },
    {
      "name": "CVE-2021-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2383"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2025-22079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
    },
    {
      "name": "CVE-2022-21546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21546"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2025-1923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1923"
    },
    {
      "name": "CVE-2025-22227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
    },
    {
      "name": "CVE-2021-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2022-21339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21339"
    },
    {
      "name": "CVE-2025-23140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23140"
    },
    {
      "name": "CVE-2025-23150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
    },
    {
      "name": "CVE-2025-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1938"
    },
    {
      "name": "CVE-2023-22059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22059"
    },
    {
      "name": "CVE-2020-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2923"
    },
    {
      "name": "CVE-2025-4919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4919"
    },
    {
      "name": "CVE-2019-2681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2681"
    },
    {
      "name": "CVE-2022-48303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
    },
    {
      "name": "CVE-2025-0240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0240"
    },
    {
      "name": "CVE-2023-22066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22066"
    },
    {
      "name": "CVE-2021-43618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
    },
    {
      "name": "CVE-2019-2757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2757"
    },
    {
      "name": "CVE-2020-14848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14848"
    },
    {
      "name": "CVE-2018-3280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3280"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2020-2924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2924"
    },
    {
      "name": "CVE-2025-8576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8576"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2025-1012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1012"
    },
    {
      "name": "CVE-2025-21964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
    },
    {
      "name": "CVE-2024-0567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
    },
    {
      "name": "CVE-2025-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
    },
    {
      "name": "CVE-2025-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5267"
    },
    {
      "name": "CVE-2022-27772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27772"
    },
    {
      "name": "CVE-2025-23148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23148"
    },
    {
      "name": "CVE-2023-31438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
    },
    {
      "name": "CVE-2025-6555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6555"
    },
    {
      "name": "CVE-2022-0396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0396"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2025-0245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0245"
    },
    {
      "name": "CVE-2019-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2830"
    },
    {
      "name": "CVE-2021-35633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35633"
    },
    {
      "name": "CVE-2024-10462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10462"
    },
    {
      "name": "CVE-2023-22068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22068"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2020-14867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14867"
    },
    {
      "name": "CVE-2025-23147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23147"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0756",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36093",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36093"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36102",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36102"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36101",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36101"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36100",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36100"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36105",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36105"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36091",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36091"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36078",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36078"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36107",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36107"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36094",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36094"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36097",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36097"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-46",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36104"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36108",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36108"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36095",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36095"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-09",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36090"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36096",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36096"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36106",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36106"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36109",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36109"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36098",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36098"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36111"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36103",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36103"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36099",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36099"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36092",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36092"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36110",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36110"
    }
  ]
}

CERTFR-2024-AVI-0027

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPView versions versions antérieures à 9.1R5
Juniper Networks	Junos OS Evolved	Junos OS Evolved version antérieures à 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO
Juniper Networks	N/A	Paragon Active Assurance versions antérieures à 3.1.2, 3.2.3, 3.3.2 et 3.4.1
Juniper Networks	Junos OS	Junos OS version antérieures à 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1
Juniper Networks	Session Smart Router	Session Smart Router versions antérieures à SSR-6.2.3-r2
Juniper Networks	N/A	Security Director Insights versions antérieures à 23.1R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA75723 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75741 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75752 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75757 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75730 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75734 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75737 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75721 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75736 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75747 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75758 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA11272 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75727 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75233 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75754 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75753 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75742 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75740 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75748 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75744 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75743 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75738 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75733 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75725 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75755 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75735 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75745 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75729 du 10 janvier 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPView versions versions ant\u00e9rieures \u00e0 9.1R5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved version ant\u00e9rieures \u00e0 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 3.1.2, 3.2.3, 3.3.2 et 3.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS version ant\u00e9rieures \u00e0 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-6.2.3-r2",
      "product": {
        "name": "Session Smart Router",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director Insights versions ant\u00e9rieures \u00e0 23.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-3707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
    },
    {
      "name": "CVE-2024-21602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21602"
    },
    {
      "name": "CVE-2022-41974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
    },
    {
      "name": "CVE-2023-38802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-42720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
    },
    {
      "name": "CVE-2022-30594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
    },
    {
      "name": "CVE-2022-41973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41973"
    },
    {
      "name": "CVE-2023-0461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
    },
    {
      "name": "CVE-2024-21616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21616"
    },
    {
      "name": "CVE-2021-25220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
    },
    {
      "name": "CVE-2023-2235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
    },
    {
      "name": "CVE-2023-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2022-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2023-1281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
    },
    {
      "name": "CVE-2024-21599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21599"
    },
    {
      "name": "CVE-2022-47929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
    },
    {
      "name": "CVE-2022-3628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
    },
    {
      "name": "CVE-2024-21614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21614"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-26464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
    },
    {
      "name": "CVE-2020-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
    },
    {
      "name": "CVE-2021-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
    },
    {
      "name": "CVE-2022-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2024-21607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21607"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2023-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
    },
    {
      "name": "CVE-2019-17571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
    },
    {
      "name": "CVE-2022-39189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
    },
    {
      "name": "CVE-2022-3239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
    },
    {
      "name": "CVE-2022-43750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
    },
    {
      "name": "CVE-2022-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
    },
    {
      "name": "CVE-2023-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2023-20569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
    },
    {
      "name": "CVE-2024-21596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21596"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2021-33656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
    },
    {
      "name": "CVE-2023-1582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
    },
    {
      "name": "CVE-2022-4129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2023-2194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
    },
    {
      "name": "CVE-2024-21604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21604"
    },
    {
      "name": "CVE-2023-32360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
    },
    {
      "name": "CVE-2022-0934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
    },
    {
      "name": "CVE-2020-9493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2022-2196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2022-42896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
    },
    {
      "name": "CVE-2022-21699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
    },
    {
      "name": "CVE-2024-21600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21600"
    },
    {
      "name": "CVE-2021-33655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2022-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
    },
    {
      "name": "CVE-2023-23920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
    },
    {
      "name": "CVE-2023-20593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
    },
    {
      "name": "CVE-2024-21606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21606"
    },
    {
      "name": "CVE-2022-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
    },
    {
      "name": "CVE-2022-41222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2022-23305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
    },
    {
      "name": "CVE-2022-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
    },
    {
      "name": "CVE-2023-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
    },
    {
      "name": "CVE-2024-21591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21591"
    },
    {
      "name": "CVE-2020-12321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
    },
    {
      "name": "CVE-2022-23307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
    },
    {
      "name": "CVE-2022-3524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
    },
    {
      "name": "CVE-2022-39188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
    },
    {
      "name": "CVE-2023-3341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2022-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2022-43945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
    },
    {
      "name": "CVE-2022-3625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2024-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21587"
    },
    {
      "name": "CVE-2022-42721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2022-4254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4254"
    },
    {
      "name": "CVE-2024-21617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21617"
    },
    {
      "name": "CVE-2023-1195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
    },
    {
      "name": "CVE-2024-21589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21589"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
    },
    {
      "name": "CVE-2022-20141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2024-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21595"
    },
    {
      "name": "CVE-2021-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
    },
    {
      "name": "CVE-2021-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
    },
    {
      "name": "CVE-2023-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
    },
    {
      "name": "CVE-2022-22164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22164"
    },
    {
      "name": "CVE-2024-21597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21597"
    },
    {
      "name": "CVE-2021-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
    },
    {
      "name": "CVE-2023-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2021-26341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
    },
    {
      "name": "CVE-2022-38023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2022-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2022-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
    },
    {
      "name": "CVE-2021-0920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
    },
    {
      "name": "CVE-2023-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
    },
    {
      "name": "CVE-2022-25265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25265"
    },
    {
      "name": "CVE-2022-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
    },
    {
      "name": "CVE-2022-2873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
    },
    {
      "name": "CVE-2022-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
    },
    {
      "name": "CVE-2024-21611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
    },
    {
      "name": "CVE-2024-21613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21613"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2024-21612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21612"
    },
    {
      "name": "CVE-2022-42722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
    },
    {
      "name": "CVE-2024-21603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21603"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2024-21585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21585"
    },
    {
      "name": "CVE-2022-23302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2021-44790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
    },
    {
      "name": "CVE-2023-36842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36842"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    },
    {
      "name": "CVE-2024-21594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21594"
    },
    {
      "name": "CVE-2022-3028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
    },
    {
      "name": "CVE-2022-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2022-41674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
    },
    {
      "name": "CVE-2024-21601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21601"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2020-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0027",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75723 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75741 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75752 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75757 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75730 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75734 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75737 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Security-Director-Insights-Multiple-vulnerabilities-in-SDI"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75721 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75736 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-CTPView-Multiple-vulnerabilities-in-CTPView-CVE-yyyy-nnnn"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75747 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75758 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11272 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75727 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-CVE-2024-21589"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75233 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75754 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75753 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75742 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75740 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75748 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75744 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75743 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75738 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75733 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75725 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75755 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75735 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75745 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75729 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591"
    }
  ]
}

CERTFR-2021-AVI-953

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	SCD6000 Industrial RTU version SCD6000 SY11012 11_M et antérieures
N/A	N/A	Modicon BMENOC 0311
N/A	N/A	EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EVP2PE), EVlink Smart Wallbox EVB1A toutes versions antérieures à R8 V3.4.0.2
N/A	N/A	Modicon BMENOC 0321
N/A	N/A	Modicon M580
N/A	N/A	EcoStruxure™ Power Monitoring Expert versions V9.0 et antérieures
N/A	N/A	IGSS Data Collector (dc.exe) version 15.0.0.21320 et antérieures
N/A	N/A	APDU9xxx with NMC3 version V1.0.0.28 et antérieures
N/A	N/A	AP7xxxx and AP8xxx with NMC2 version V6.9.6 et antérieures
N/A	N/A	AP7xxx and AP8xxx with NMC3 version V1.1.0.3 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-348-02 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-348-01 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SSEVD-2021-348-03 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2019-281-04 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-348-04 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 14 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCD6000 Industrial RTU version SCD6000 SY11012 11_M et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon BMENOC 0311",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EVP2PE), EVlink Smart Wallbox EVB1A toutes versions ant\u00e9rieures \u00e0 R8 V3.4.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon BMENOC 0321",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M580",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EcoStruxure\u2122 Power Monitoring Expert versions V9.0 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "IGSS Data Collector (dc.exe) version 15.0.0.21320 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "APDU9xxx with NMC3 version V1.0.0.28 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "AP7xxxx and AP8xxx with NMC2 version V6.9.6 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "AP7xxx and AP8xxx with NMC3 version V1.1.0.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2021-22725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22725"
    },
    {
      "name": "CVE-2019-6848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6848"
    },
    {
      "name": "CVE-2021-22156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22156"
    },
    {
      "name": "CVE-2021-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22823"
    },
    {
      "name": "CVE-2021-22818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22818"
    },
    {
      "name": "CVE-2021-22820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22820"
    },
    {
      "name": "CVE-2021-22821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22821"
    },
    {
      "name": "CVE-2021-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22824"
    },
    {
      "name": "CVE-2021-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22822"
    },
    {
      "name": "CVE-2019-6849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6849"
    },
    {
      "name": "CVE-2021-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22825"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-22724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22724"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2021-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22826"
    },
    {
      "name": "CVE-2019-6850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6850"
    },
    {
      "name": "CVE-2021-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22827"
    },
    {
      "name": "CVE-2021-22819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22819"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-953",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-02 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-01 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SSEVD-2021-348-03 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-04 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-04 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 14 d\u00e9cembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
    }
  ]
}

CERTFR-2022-AVI-717

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Eurotherm Data Reviewer3.0.2 software versions antérieures 4.0.0
N/A	N/A	Modicon Momentum MDI (171CBU*) toutes versions
Schneider Electric	N/A	EcoStruxure Control Expert versions antérieures à 15.2
Symfony	process	EcoStruxure Process Expert versions antérieures à 2021
N/A	N/A	Modicon M580 CPU (BMEP* et BMEH*) versions antérieures à 4.01
Schneider Electric	N/A	Legacy Modicon Quantum toutes versions
N/A	N/A	OPC UA Modicon Communication Module (BMENUA0100) versions antérieures à 2.01
Schneider Electric	N/A	Modicon MC80 (BMKC80) toutes versions
Schneider Electric	Modicon M340	Modicon M340 CPU (BMXP34*) versions antérieures 3.50

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SESB-2021-347-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2019-281-02 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-221-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-193-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-221-03 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-221-02 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2018-081-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-222-04 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-01 du 9 août 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-221-04 du 9 août 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Eurotherm Data Reviewer3.0.2 software versions ant\u00e9rieures 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon Momentum MDI (171CBU*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M580 CPU (BMEP* et BMEH*) versions ant\u00e9rieures \u00e0 4.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Legacy Modicon Quantum toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "OPC UA Modicon Communication Module (BMENUA0100) versions ant\u00e9rieures \u00e0 2.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon MC80 (BMKC80) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M340 CPU (BMXP34*) versions ant\u00e9rieures 3.50",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
    },
    {
      "name": "CVE-2022-34760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34760"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2021-22791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
    },
    {
      "name": "CVE-2022-34762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34762"
    },
    {
      "name": "CVE-2019-6841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2021-22790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
    },
    {
      "name": "CVE-2022-37302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37302"
    },
    {
      "name": "CVE-2022-34761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34761"
    },
    {
      "name": "CVE-2022-34759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34759"
    },
    {
      "name": "CVE-2022-37301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
    },
    {
      "name": "CVE-2018-7241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
    },
    {
      "name": "CVE-2021-22786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
    },
    {
      "name": "CVE-2018-7242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
    },
    {
      "name": "CVE-2019-6844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
    },
    {
      "name": "CVE-2019-6842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2022-34764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34764"
    },
    {
      "name": "CVE-2022-34763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34763"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2022-37300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
    },
    {
      "name": "CVE-2021-22789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
    },
    {
      "name": "CVE-2019-6847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
    },
    {
      "name": "CVE-2022-34765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34765"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-22792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
    },
    {
      "name": "CVE-2019-6843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
    },
    {
      "name": "CVE-2018-7240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
    },
    {
      "name": "CVE-2011-4859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-717",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-09T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens",
      "revision_date": "2022-08-22T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens des bulletins de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01, SEVD-2022-221-02 et SEVD-2022-221-04 du 9 ao\u00fbt 2022.",
      "revision_date": "2022-09-08T00:00:00.000000"
    },
    {
      "description": "Ajout du libell\u00e9 [SCADA] dans le titre.",
      "revision_date": "2022-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2021-347-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2021-347-01_Apache_Log4j_Log4Shell_Vulnerabilities_Security_Notification_V14.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-02 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-281-02_Modicon_Controllers_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-01_EcoStruxure_Control_Expert_Modicon580_Security_Notification_V1.1.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-193-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V10.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-03 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-03_EcoStruxure_Control_Expert_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V1.1.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-04 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-222-04_Modicon_PAC_Controllers_PLC_Simulator_Control_Expert_Process_Expert_Security_Notification_V2.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_Security_Notifcation_V4.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-04 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification_V1.1.pdf"
    }
  ]
}

CERTFR-2025-AVI-0855

Vulnerability from certfr_avis - Published: 2025-10-09 - Updated: 2025-10-09

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 24.4 antérieures à 24.4R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 22.4R3-S8-EVO
Juniper Networks	Junos OS	Junos OS versions 23.4 antérieures à 23.4R2-S5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S4-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 22.4R3-S8
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-S2-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.4-EVO antérieures à 24.4R2-EVO
Juniper Networks	Junos Space	Junos Space versions antérieures à 24.1R4
Juniper Networks	Security Director	Security Director Policy Enforcer versions antérieures à 23.1R1 Hotpatch v3
Juniper Networks	Junos Space	Junos Space Security Director versions antérieures à 24.1R4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-S5-EVO
Juniper Networks	Junos OS	Junos OS versions 23.2 antérieures à 23.2R2-S4
Juniper Networks	Junos OS	Junos OS versions 24.2 antérieures à 24.2R2-S1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA103140	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103141	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103163	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103168	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103171	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103167	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103156	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103437	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103172	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103157	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103170	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103139	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103151	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103153	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103147	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103144	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103143	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103146	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103138	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103165	2025-10-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 24.4 ant\u00e9rieures \u00e0 24.4R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions  ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 22.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.4-EVO ant\u00e9rieures \u00e0 24.4R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R4",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 23.1R1 Hotpatch v3",
      "product": {
        "name": "Security Director",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R4",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S5-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
    },
    {
      "name": "CVE-2024-36903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
    },
    {
      "name": "CVE-2023-44431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44431"
    },
    {
      "name": "CVE-2021-47606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
    },
    {
      "name": "CVE-2025-59993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59993"
    },
    {
      "name": "CVE-2025-59997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59997"
    },
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2025-59995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59995"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2023-28466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
    },
    {
      "name": "CVE-2024-36921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
    },
    {
      "name": "CVE-2025-59986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59986"
    },
    {
      "name": "CVE-2025-60009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60009"
    },
    {
      "name": "CVE-2025-59989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59989"
    },
    {
      "name": "CVE-2024-26897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
    },
    {
      "name": "CVE-2023-46103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2023-2235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
    },
    {
      "name": "CVE-2025-59999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59999"
    },
    {
      "name": "CVE-2025-59994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59994"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2025-59967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59967"
    },
    {
      "name": "CVE-2022-24805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2023-3390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
    },
    {
      "name": "CVE-2024-37356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
    },
    {
      "name": "CVE-2024-47538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
    },
    {
      "name": "CVE-2023-4004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
    },
    {
      "name": "CVE-2024-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
    },
    {
      "name": "CVE-2025-59991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59991"
    },
    {
      "name": "CVE-2024-5564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
    },
    {
      "name": "CVE-2024-26600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2023-52864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
    },
    {
      "name": "CVE-2025-26600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26600"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2024-27280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
    },
    {
      "name": "CVE-2024-36929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
    },
    {
      "name": "CVE-2023-35788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
    },
    {
      "name": "CVE-2025-59982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59982"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2023-43785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
    },
    {
      "name": "CVE-2024-30205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
    },
    {
      "name": "CVE-2018-17247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17247"
    },
    {
      "name": "CVE-2025-60004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60004"
    },
    {
      "name": "CVE-2023-51594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51594"
    },
    {
      "name": "CVE-2024-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
    },
    {
      "name": "CVE-2023-50229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50229"
    },
    {
      "name": "CVE-2025-59974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59974"
    },
    {
      "name": "CVE-2025-26598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26598"
    },
    {
      "name": "CVE-2018-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
    },
    {
      "name": "CVE-2024-40928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40928"
    },
    {
      "name": "CVE-2024-43398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
    },
    {
      "name": "CVE-2024-8508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
    },
    {
      "name": "CVE-2024-36020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2025-59981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59981"
    },
    {
      "name": "CVE-2023-31248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31248"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2024-30203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
    },
    {
      "name": "CVE-2023-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
    },
    {
      "name": "CVE-2024-35937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
    },
    {
      "name": "CVE-2025-59968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59968"
    },
    {
      "name": "CVE-2023-51592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51592"
    },
    {
      "name": "CVE-2025-59990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59990"
    },
    {
      "name": "CVE-2021-22146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22146"
    },
    {
      "name": "CVE-2025-59978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59978"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-36017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
    },
    {
      "name": "CVE-2024-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
    },
    {
      "name": "CVE-2024-27434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
    },
    {
      "name": "CVE-2023-47038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
    },
    {
      "name": "CVE-2024-35852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
    },
    {
      "name": "CVE-2024-38558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
    },
    {
      "name": "CVE-2025-59992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59992"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2021-41072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
    },
    {
      "name": "CVE-2025-60000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60000"
    },
    {
      "name": "CVE-2022-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
    },
    {
      "name": "CVE-2024-47607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
    },
    {
      "name": "CVE-2024-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2023-45866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
    },
    {
      "name": "CVE-2023-27349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27349"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2015-5377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5377"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2022-24810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
    },
    {
      "name": "CVE-2024-33621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2025-60001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60001"
    },
    {
      "name": "CVE-2024-5742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5742"
    },
    {
      "name": "CVE-2023-50230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50230"
    },
    {
      "name": "CVE-2025-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52960"
    },
    {
      "name": "CVE-2024-36922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
    },
    {
      "name": "CVE-2025-59996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59996"
    },
    {
      "name": "CVE-2024-39487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2023-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
    },
    {
      "name": "CVE-2024-35911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35911"
    },
    {
      "name": "CVE-2025-59957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59957"
    },
    {
      "name": "CVE-2025-59958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59958"
    },
    {
      "name": "CVE-2021-41043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
    },
    {
      "name": "CVE-2018-17244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17244"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2024-39908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
    },
    {
      "name": "CVE-2025-26597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26597"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2024-41946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
    },
    {
      "name": "CVE-2023-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
    },
    {
      "name": "CVE-2024-42934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42934"
    },
    {
      "name": "CVE-2023-51580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51580"
    },
    {
      "name": "CVE-2024-35848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
    },
    {
      "name": "CVE-2024-27417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
    },
    {
      "name": "CVE-2023-21102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21102"
    },
    {
      "name": "CVE-2024-27281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
    },
    {
      "name": "CVE-2025-59983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59983"
    },
    {
      "name": "CVE-2024-36941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
    },
    {
      "name": "CVE-2024-2236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
    },
    {
      "name": "CVE-2024-38428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
    },
    {
      "name": "CVE-2024-35969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2025-60006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60006"
    },
    {
      "name": "CVE-2024-36489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
    },
    {
      "name": "CVE-2015-1427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"
    },
    {
      "name": "CVE-2024-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
    },
    {
      "name": "CVE-2024-35899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
    },
    {
      "name": "CVE-2024-35823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2024-9632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9632"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2025-26595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26595"
    },
    {
      "name": "CVE-2024-26868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26868"
    },
    {
      "name": "CVE-2023-43787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
    },
    {
      "name": "CVE-2023-43786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
    },
    {
      "name": "CVE-2024-8235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8235"
    },
    {
      "name": "CVE-2023-4147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4147"
    },
    {
      "name": "CVE-2025-59977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59977"
    },
    {
      "name": "CVE-2023-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
    },
    {
      "name": "CVE-2023-3610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
    },
    {
      "name": "CVE-2025-26596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26596"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2022-48622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
    },
    {
      "name": "CVE-2021-42550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2024-26828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
    },
    {
      "name": "CVE-2025-59998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59998"
    },
    {
      "name": "CVE-2024-26808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
    },
    {
      "name": "CVE-2024-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
    },
    {
      "name": "CVE-2025-60002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60002"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2024-27282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
    },
    {
      "name": "CVE-2018-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3831"
    },
    {
      "name": "CVE-2023-43490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
    },
    {
      "name": "CVE-2025-59976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59976"
    },
    {
      "name": "CVE-2025-59980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59980"
    },
    {
      "name": "CVE-2025-26599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26599"
    },
    {
      "name": "CVE-2024-47615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
    },
    {
      "name": "CVE-2018-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3823"
    },
    {
      "name": "CVE-2023-22655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
    },
    {
      "name": "CVE-2024-6126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6126"
    },
    {
      "name": "CVE-2023-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
    },
    {
      "name": "CVE-2023-39368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2024-26853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
    },
    {
      "name": "CVE-2025-59975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59975"
    },
    {
      "name": "CVE-2025-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
    },
    {
      "name": "CVE-2025-59987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59987"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2018-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3826"
    },
    {
      "name": "CVE-2025-26601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26601"
    },
    {
      "name": "CVE-2024-52337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
    },
    {
      "name": "CVE-2025-59985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59985"
    },
    {
      "name": "CVE-2025-11198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11198"
    },
    {
      "name": "CVE-2022-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
    },
    {
      "name": "CVE-2023-32233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
    },
    {
      "name": "CVE-2024-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
    },
    {
      "name": "CVE-2024-26327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26327"
    },
    {
      "name": "CVE-2015-3253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
    },
    {
      "name": "CVE-2025-59964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59964"
    },
    {
      "name": "CVE-2025-59988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59988"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2024-34397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
    },
    {
      "name": "CVE-2023-45733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
    },
    {
      "name": "CVE-2021-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
    },
    {
      "name": "CVE-2024-6655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6655"
    },
    {
      "name": "CVE-2024-41123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
    },
    {
      "name": "CVE-2024-27049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
    },
    {
      "name": "CVE-2025-59984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59984"
    },
    {
      "name": "CVE-2025-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52961"
    },
    {
      "name": "CVE-2023-51589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51589"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2021-3903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3903"
    },
    {
      "name": "CVE-2024-35800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35800"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2023-51596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51596"
    },
    {
      "name": "CVE-2025-60010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60010"
    },
    {
      "name": "CVE-2023-51764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51764"
    },
    {
      "name": "CVE-2025-26594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26594"
    },
    {
      "name": "CVE-2024-6409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6409"
    },
    {
      "name": "CVE-2024-49761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    },
    {
      "name": "CVE-2025-59962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59962"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2024-40961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
    }
  ],
  "initial_release_date": "2025-10-09T00:00:00",
  "last_revision_date": "2025-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0855",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103140",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-XSS-vulnerabilities-resolved-in-24-1R4-release"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103141",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103163",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103168",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103171",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Reflected-client-side-HTTP-parameter-pollution-vulnerability-in-web-interface-CVE-2025-59977"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103167",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103156",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103437",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Security-Director-Policy-Enforcer-An-unrestricted-API-allows-a-network-based-unauthenticated-attacker-to-deploy-malicious-vSRX-images-to-VMWare-NSX-Server-CVE-2025-11198"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103172",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Flooding-device-with-inbound-API-calls-leads-to-WebUI-and-CLI-management-access-DoS-CVE-2025-59975"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103157",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-sensitive-resources-in-web-interface-CVE-2025-59968"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103170",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Arbitrary-file-download-vulnerability-in-web-interface-CVE-2025-59976"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103139",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103151",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103153",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103147",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103144",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103143",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103146",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103138",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103165",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004"
    }
  ]
}

CERTFR-2022-AVI-568

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113
IBM	N/A	IBM Disconnected Log Collector versions 1.x antérieures à 1.7.3
IBM	N/A	IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x antérieures à 10.0.0.2
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix
IBM	N/A	IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x antérieures à 4.0.0.2
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix

References

Title

Publication Time

Tags

Bulletin de sécurité les produits IBM 6595755 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595739 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595965 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595721 du 16 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Disconnected Log Collector versions 1.x ant\u00e9rieures \u00e0 1.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x ant\u00e9rieures \u00e0 4.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2022-22965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
    },
    {
      "name": "CVE-2012-5886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2016-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
    },
    {
      "name": "CVE-2016-8735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
    },
    {
      "name": "CVE-2020-8022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
    },
    {
      "name": "CVE-2013-4286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2012-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2013-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2019-17195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2014-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2016-0706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2016-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
    },
    {
      "name": "CVE-2012-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2014-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2013-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2016-6794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2015-5174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
    },
    {
      "name": "CVE-2021-27568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
    },
    {
      "name": "CVE-2013-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
    },
    {
      "name": "CVE-2021-33813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2021-38153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
    },
    {
      "name": "CVE-2016-6816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
    },
    {
      "name": "CVE-2018-17196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2012-3546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2016-5018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2019-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2013-4322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2012-4534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2014-7810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2016-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2014-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2013-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4444"
    },
    {
      "name": "CVE-2012-3544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
    },
    {
      "name": "CVE-2012-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2017-5647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2015-5345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2016-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2012-2733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-6796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-568",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595755 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595755"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595739 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595739"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595965 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595965"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595721 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595721"
    }
  ]
}

CERTFR-2022-AVI-124

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Système affecté	Lien vers l'avis éditeur
Advantage Navigator Energy & Sustainability	Lien
Advantage Navigator Software Proxy V6	Lien
Building Operator Discovery Distribution for the Connect X200 Gateway	Lien
Building Operator Discovery Distribution for the Connect X300 Gateway	Lien
Building Twin - 360° Viewer	Lien
Capital	Lien
Cerberus DMS	Lien
CloudConnect 712	Lien
COMOS	Lien
COMOS V10.2	Lien
COMOS V10.3	Lien
COMOS V10.4	Lien
cRSP Operator Client Starter	Lien
cRSP	Lien
Desigo CC	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Lien
E-Car OC Cloud Application	Lien
Energy Engage	Lien
EnergyIP Prepay V3.7	Lien
EnergyIP Prepay V3.8	Lien
EnergyIP	Lien
Enlighted Amaze	Lien
Enlighted Where	Lien
Geolus Shape Search V10	Lien
Geolus Shape Search V11	Lien
GMA-Manager	Lien
HEEDS Connect	Lien
HES UDIS	Lien
IE/AS-i Link PN IO	Lien
IE/PB-Link (incl. SIPLUS NET variants)	Lien
IE/PB LINK PN IO (incl. SIPLUS NET variants)	Lien
Industrial Edge Hub	Lien
Industrial Edge Management App (IEM-App)	Lien
Industrial Edge Management OS (IEM-OS)	Lien
jROS for Spectrum Power 4	Lien
jROS for Spectrum Power 7	Lien
JT2Go	Lien
KTK ATE530S	Lien
LOGO! CMR2020	Lien
LOGO! CMR2040	Lien
Mendix Applications	Lien
MindSphere App Management Cockpits (Developer& Operator)	Lien
MindSphere Asset Manager	Lien
Mindsphere Cloud Foundry	Lien
Mindsphere Cloud Platform	Lien
MindSphere IAM (User Management/ Settings)	Lien
MindSphere Integrated Data Lake	Lien
MindSphere Notification Service	Lien
MindSphere Predictive Learning	Lien
MindSphere Usage Transparency Service	Lien
MindSphere Visual Explorer	Lien
NXpower Monitor	Lien
NX	Lien
Opcenter EX CP Process Automation Control	Lien
Opcenter Execution Core Process Automation Control	Lien
Opcenter Intelligence	Lien
Operation Scheduler	Lien
PROFINET Driver for Controller	Lien
PSS(R)CAPE	Lien
RFID 181EIP	Lien
ROX II	Lien
RUGGEDCOM APE1404 Linux	Lien
RUGGEDCOM CROSSBOW Station Access Controller	Lien
RUGGEDCOM RCM1224	Lien
RUGGEDCOM RM1224 LTE(4G) EU	Lien
RUGGEDCOM RM1224 LTE(4G) EU	Lien
RUGGEDCOM RM1224 LTE(4G) NAM	Lien
RUGGEDCOM RM1224 LTE(4G) NAM	Lien
RUGGEDCOM RM1224	Lien
RUGGEDCOM RM1224	Lien
RUGGEDCOM RM1224	Lien
RUGGEDCOM ROX MX5000RE	Lien
RUGGEDCOM ROX MX5000	Lien
RUGGEDCOM ROX RX1400	Lien
RUGGEDCOM ROX RX1500	Lien
RUGGEDCOM ROX RX1501	Lien
RUGGEDCOM ROX RX1510	Lien
RUGGEDCOM ROX RX1511	Lien
RUGGEDCOM ROX RX1512	Lien
RUGGEDCOM ROX RX1524	Lien
RUGGEDCOM ROX RX1536	Lien
RUGGEDCOM ROX RX5000	Lien
RUGGEDCOM RX1400 VPE Debian Linux	Lien
RUGGEDCOM RX1400 VPE Linux CloudConnect	Lien
SCALANCE LPE9403	Lien
SCALANCE M-800 / S615	Lien
SCALANCE M-800	Lien
SCALANCE M804PB	Lien
SCALANCE M804PB	Lien
SCALANCE M804PB	Lien
SCALANCE M804PB	Lien
SCALANCE M804PB	Lien
SCALANCE M812-1 ADSL-Router (Annex A)	Lien
SCALANCE M812-1 ADSL-Router (Annex A)	Lien
SCALANCE M812-1 ADSL-Router (Annex A)	Lien
SCALANCE M812-1 ADSL-Router (Annex A)	Lien
SCALANCE M812-1 ADSL-Router (Annex B)	Lien
SCALANCE M812-1 ADSL-Router (Annex B)	Lien
SCALANCE M812-1 ADSL-Router (Annex B)	Lien
SCALANCE M812-1 ADSL-Router (Annex B)	Lien
SCALANCE M812-1 ADSL-Router	Lien
SCALANCE M816-1 ADSL-Router (Annex A)	Lien
SCALANCE M816-1 ADSL-Router (Annex A)	Lien
SCALANCE M816-1 ADSL-Router (Annex A)	Lien
SCALANCE M816-1 ADSL-Router (Annex A)	Lien
SCALANCE M816-1 ADSL-Router (Annex B)	Lien
SCALANCE M816-1 ADSL-Router (Annex B)	Lien
SCALANCE M816-1 ADSL-Router (Annex B)	Lien
SCALANCE M816-1 ADSL-Router (Annex B)	Lien
SCALANCE M816-1 ADSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M826-2 SHDSL-Router	Lien
SCALANCE M874-2	Lien
SCALANCE M874-2	Lien
SCALANCE M874-2	Lien
SCALANCE M874-2	Lien
SCALANCE M874-2	Lien
SCALANCE M874-3	Lien
SCALANCE M874-3	Lien
SCALANCE M874-3	Lien
SCALANCE M874-3	Lien
SCALANCE M874-3	Lien
SCALANCE M875	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3 (ROK)	Lien
SCALANCE M876-3	Lien
SCALANCE M876-3	Lien
SCALANCE M876-3	Lien
SCALANCE M876-3	Lien
SCALANCE M876-3	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (EU)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE M876-4 (NAM)	Lien
SCALANCE MUM856-1 (EU)	Lien
SCALANCE MUM856-1 (EU)	Lien
SCALANCE MUM856-1 (RoW)	Lien
SCALANCE MUM856-1 (RoW)	Lien
SCALANCE S602	Lien
SCALANCE S602	Lien
SCALANCE S602	Lien
SCALANCE S612	Lien
SCALANCE S612	Lien
SCALANCE S612	Lien
SCALANCE S615	Lien
SCALANCE S615	Lien
SCALANCE S615	Lien
SCALANCE S615	Lien
SCALANCE S615	Lien
SCALANCE S623	Lien
SCALANCE S623	Lien
SCALANCE S623	Lien
SCALANCE S627-2M	Lien
SCALANCE S627-2M	Lien
SCALANCE S627-2M	Lien
SCALANCE SC622-2C	Lien
SCALANCE SC622-2C	Lien
SCALANCE SC622-2C	Lien
SCALANCE SC622-2C	Lien
SCALANCE SC632-2C	Lien
SCALANCE SC632-2C	Lien
SCALANCE SC632-2C	Lien
SCALANCE SC632-2C	Lien
SCALANCE SC636-2C	Lien
SCALANCE SC636-2C	Lien
SCALANCE SC636-2C	Lien
SCALANCE SC636-2C	Lien
SCALANCE SC642-2C	Lien
SCALANCE SC642-2C	Lien
SCALANCE SC642-2C	Lien
SCALANCE SC642-2C	Lien
SCALANCE SC646-2C	Lien
SCALANCE SC646-2C	Lien
SCALANCE SC646-2C	Lien
SCALANCE SC646-2C	Lien
SCALANCE W-1700 IEEE 802.11ac family	Lien
SCALANCE W-1700 IEEE 802.11ac family	Lien
SCALANCE W-1700 IEEE 802.11ac family	Lien
SCALANCE W1748-1 M12	Lien
SCALANCE W1748-1 M12	Lien
SCALANCE W1750D	Lien
SCALANCE W1750D	Lien
SCALANCE W1788-1 M12	Lien
SCALANCE W1788-1 M12	Lien
SCALANCE W1788-2 EEC M12	Lien
SCALANCE W1788-2 EEC M12	Lien
SCALANCE W1788-2IA M12	Lien
SCALANCE W1788-2IA M12	Lien
SCALANCE W1788-2 M12	Lien
SCALANCE W1788-2 M12	Lien
SCALANCE W-700 IEEE 802.11n family	Lien
SCALANCE W-700 IEEE 802.11n family	Lien
SCALANCE W-700 IEEE 802.11n family	Lien
SCALANCE W-700 IEEE 802.11n family	Lien
SCALANCE W700	Lien
SCALANCE W721-1 RJ45	Lien
SCALANCE W721-1 RJ45	Lien
SCALANCE W722-1 RJ45	Lien
SCALANCE W722-1 RJ45	Lien
SCALANCE W734-1 RJ45	Lien
SCALANCE W734-1 RJ45	Lien
SCALANCE W734-1 RJ45 (USA)	Lien
SCALANCE W734-1 RJ45 (USA)	Lien
SCALANCE W738-1 M12	Lien
SCALANCE W738-1 M12	Lien
SCALANCE W748-1 M12	Lien
SCALANCE W748-1 M12	Lien
SCALANCE W748-1 RJ45	Lien
SCALANCE W748-1 RJ45	Lien
SCALANCE W761-1 RJ45	Lien
SCALANCE W761-1 RJ45	Lien
SCALANCE W774-1 M12 EEC	Lien
SCALANCE W774-1 M12 EEC	Lien
SCALANCE W774-1 RJ45	Lien
SCALANCE W774-1 RJ45	Lien
SCALANCE W774-1 RJ45 (USA)	Lien
SCALANCE W774-1 RJ45 (USA)	Lien
SCALANCE W778-1 M12 EEC	Lien
SCALANCE W778-1 M12 EEC	Lien
SCALANCE W778-1 M12 EEC (USA)	Lien
SCALANCE W778-1 M12 EEC (USA)	Lien
SCALANCE W778-1 M12	Lien
SCALANCE W778-1 M12	Lien
SCALANCE W786-1 RJ45	Lien
SCALANCE W786-1 RJ45	Lien
SCALANCE W786-2IA RJ45	Lien
SCALANCE W786-2IA RJ45	Lien
SCALANCE W786-2 RJ45	Lien
SCALANCE W786-2 RJ45	Lien
SCALANCE W786-2 SFP	Lien
SCALANCE W786-2 SFP	Lien
SCALANCE W788-1 M12	Lien
SCALANCE W788-1 M12	Lien
SCALANCE W788-1 RJ45	Lien
SCALANCE W788-1 RJ45	Lien
SCALANCE W788-2 M12 EEC	Lien
SCALANCE W788-2 M12 EEC	Lien
SCALANCE W788-2 M12	Lien
SCALANCE W788-2 M12	Lien
SCALANCE W788-2 RJ45	Lien
SCALANCE W788-2 RJ45	Lien
SCALANCE WAM763-1	Lien
SCALANCE WAM766-1 6GHz	Lien
SCALANCE WAM766-1 6GHz	Lien
SCALANCE WAM766-1 EEC 6GHz	Lien
SCALANCE WAM766-1 EEC 6GHz	Lien
SCALANCE WAM766-1 EEC	Lien
SCALANCE WAM766-1 EEC	Lien
SCALANCE WAM766-1	Lien
SCALANCE WAM766-1	Lien
SCALANCE WLC711	Lien
SCALANCE WLC712	Lien
SCALANCE WUM763-1	Lien
SCALANCE WUM766-1 6GHz	Lien
SCALANCE WUM766-1 6GHz	Lien
SCALANCE WUM766-1	Lien
SCALANCE WUM766-1	Lien
SCALANCE X200-4 P IRT	Lien
SCALANCE X200-4 P IRT	Lien
SCALANCE X-200IRT (incl. SIPLUS NET variants)	Lien
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-200 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X201-3P IRT PRO	Lien
SCALANCE X201-3P IRT PRO	Lien
SCALANCE X201-3P IRT	Lien
SCALANCE X201-3P IRT	Lien
SCALANCE X202-2 IRT	Lien
SCALANCE X202-2 IRT	Lien
SCALANCE X202-2P IRT (incl. SIPLUS NET variant)	Lien
SCALANCE X202-2P IRT (incl. SIPLUS NET variant)	Lien
SCALANCE X202-2P IRT PRO	Lien
SCALANCE X202-2P IRT PRO	Lien
SCALANCE X204-2FM	Lien
SCALANCE X204-2FM	Lien
SCALANCE X204-2 (incl. SIPLUS NET variant)	Lien
SCALANCE X204-2LD (incl. SIPLUS NET variant)	Lien
SCALANCE X204-2LD	Lien
SCALANCE X204-2LD TS	Lien
SCALANCE X204-2LD TS	Lien
SCALANCE X204-2	Lien
SCALANCE X204-2TS	Lien
SCALANCE X204-2TS	Lien
SCALANCE X204 IRT PRO	Lien
SCALANCE X204 IRT PRO	Lien
SCALANCE X204 IRT	Lien
SCALANCE X204 IRT	Lien
SCALANCE X204RNA EEC (HSR)	Lien
SCALANCE X204RNA EEC (HSR)	Lien
SCALANCE X204RNA EEC (PRP/HSR)	Lien
SCALANCE X204RNA EEC (PRP/HSR)	Lien
SCALANCE X204RNA EEC (PRP)	Lien
SCALANCE X204RNA EEC (PRP)	Lien
SCALANCE X204RNA (HSR)	Lien
SCALANCE X204RNA (HSR)	Lien
SCALANCE X204RNA (PRP)	Lien
SCALANCE X204RNA (PRP)	Lien
SCALANCE X206-1LD (incl. SIPLUS NET variant)	Lien
SCALANCE X206-1LD	Lien
SCALANCE X206-1	Lien
SCALANCE X206-1	Lien
SCALANCE X208 (incl. SIPLUS NET variant)	Lien
SCALANCE X208PRO	Lien
SCALANCE X208PRO	Lien
SCALANCE X208	Lien
SCALANCE X212-2LD	Lien
SCALANCE X212-2LD	Lien
SCALANCE X212-2	Lien
SCALANCE X212-2	Lien
SCALANCE X216	Lien
SCALANCE X216	Lien
SCALANCE X224	Lien
SCALANCE X224	Lien
SCALANCE X-300 (incl. X408 and SIPLUS NET variants)	Lien
SCALANCE X-300 switch family (incl. SIPLUS NET variants)	Lien
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)	Lien
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)	Lien
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)	Lien
SCALANCE X302-7 EEC (230V coated)	Lien
SCALANCE X302-7 EEC (230V)	Lien
SCALANCE X302-7 EEC (24V coated)	Lien
SCALANCE X302-7 EEC (24V)	Lien
SCALANCE X302-7 EEC (2x 230V coated)	Lien
SCALANCE X302-7 EEC (2x 230V)	Lien
SCALANCE X302-7 EEC (2x 24V coated)	Lien
SCALANCE X302-7 EEC (2x 24V)	Lien
SCALANCE X302-7EEC	Lien
SCALANCE X304-2FE	Lien
SCALANCE X304-2FE	Lien
SCALANCE X306-1LD FE	Lien
SCALANCE X306-1LDFE	Lien
SCALANCE X307-2 EEC (230V coated)	Lien
SCALANCE X307-2 EEC (230V)	Lien
SCALANCE X307-2 EEC (24V coated)	Lien
SCALANCE X307-2 EEC (24V)	Lien
SCALANCE X307-2 EEC (2x 230V coated)	Lien
SCALANCE X307-2 EEC (2x 230V)	Lien
SCALANCE X307-2 EEC (2x 24V coated)	Lien
SCALANCE X307-2 EEC (2x 24V)	Lien
SCALANCE X307-2EEC	Lien
SCALANCE X307-3LD	Lien
SCALANCE X307-3LD	Lien
SCALANCE X307-3	Lien
SCALANCE X307-3	Lien
SCALANCE X308-2 (incl. SIPLUS NET variant)	Lien
SCALANCE X308-2LD	Lien
SCALANCE X308-2LD	Lien
SCALANCE X308-2LH+	Lien
SCALANCE X308-2LH	Lien
SCALANCE X308-2LH+	Lien
SCALANCE X308-2LH	Lien
SCALANCE X308-2M PoE	Lien
SCALANCE X308-2M PoE	Lien
SCALANCE X308-2M	Lien
SCALANCE X308-2M	Lien
SCALANCE X308-2M TS	Lien
SCALANCE X308-2M TS	Lien
SCALANCE X308-2	Lien
SCALANCE X310FE	Lien
SCALANCE X310FE	Lien
SCALANCE X310	Lien
SCALANCE X310	Lien
SCALANCE X320-1-2LD FE	Lien
SCALANCE X320-1 FE	Lien
SCALANCE X320-1FE	Lien
SCALANCE X320-3LDFE	Lien
SCALANCE X408-2	Lien
SCALANCE X408	Lien
SCALANCE X414	Lien
SCALANCE XB-200	Lien
SCALANCE XB-200	Lien
SCALANCE XB-200	Lien
SCALANCE XC-200	Lien
SCALANCE XC-200	Lien
SCALANCE XC-200	Lien
SCALANCE XF-200BA	Lien
SCALANCE XF-200BA	Lien
SCALANCE XF-200BA	Lien
SCALANCE XF201-3P IRT	Lien
SCALANCE XF201-3P IRT	Lien
SCALANCE XF202-2P IRT	Lien
SCALANCE XF202-2P IRT	Lien
SCALANCE XF204-2BA IRT	Lien
SCALANCE XF204-2BA IRT	Lien
SCALANCE XF204-2 (incl. SIPLUS NET variant)	Lien
SCALANCE XF204-2	Lien
SCALANCE XF204 IRT	Lien
SCALANCE XF204 IRT	Lien
SCALANCE XF204	Lien
SCALANCE XF204	Lien
SCALANCE XF206-1	Lien
SCALANCE XF206-1	Lien
SCALANCE XF208	Lien
SCALANCE XF208	Lien
SCALANCE XM-400 Family	Lien
SCALANCE XM400	Lien
SCALANCE XM-400	Lien
SCALANCE XM-400	Lien
SCALANCE XP-200	Lien
SCALANCE XP-200	Lien
SCALANCE XP-200	Lien
SCALANCE XR-300WG	Lien
SCALANCE XR-300WG	Lien
SCALANCE XR-300WG	Lien
SCALANCE XR324-12M (230V ports on front)	Lien
SCALANCE XR324-12M (230V ports on rear)	Lien
SCALANCE XR324-12M (24V ports on front)	Lien
SCALANCE XR324-12M (24V ports on rear)	Lien
SCALANCE XR324-12M	Lien
SCALANCE XR324-12M TS (24V)	Lien
SCALANCE XR324-12M TS	Lien
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on front)	Lien
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on rear)	Lien
SCALANCE XR324-4M EEC (24V ports on front)	Lien
SCALANCE XR324-4M EEC (24V ports on rear)	Lien
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on front)	Lien
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on rear)	Lien
SCALANCE XR324-4M EEC	Lien
SCALANCE XR324-4M PoE	Lien
SCALANCE XR324-4M PoE TS	Lien
SCALANCE XR-500 Family	Lien
SCALANCE XR-500 Family	Lien
SCALANCE XR500	Lien
SCALANCE XR-500	Lien
SENTRON 3VA COM100/800	Lien
SENTRON 3VA DSP800	Lien
SENTRON PAC2200 (with CLP Approval)	Lien
SENTRON PAC2200 (with MID Approval)	Lien
SENTRON PAC2200 (without MID Approval)	Lien
SENTRON PAC3200	Lien
SENTRON PAC3200T	Lien
SENTRON PAC3220	Lien
SENTRON PAC4200	Lien
SENTRON powermanager V4	Lien
SICAM 230	Lien
SICAM TOOLBOX II	Lien
SIDOOR ATD430W	Lien
SIDOOR ATE530S COATED	Lien
SIDOOR ATE531S	Lien
SIGUARD DSA	Lien
SIMATIC CFU PA	Lien
SIMATIC CFU PA	Lien
SIMATIC Cloud Connect 7 CC712	Lien
SIMATIC Cloud Connect 7 CC716	Lien
SIMATIC CM 1542-1	Lien
SIMATIC CM 1542-1	Lien
SIMATIC CM 1542-1	Lien
SIMATIC CM 1542SP-1	Lien
SIMATIC Compact Field Unit	Lien
SIMATIC CP 1242-7C	Lien
SIMATIC CP 1242-7 GPRS V2	Lien
SIMATIC CP 1242-7 GPRS V2	Lien
SIMATIC CP 1242-7 GPRS V2	Lien
SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1 IRC (incl. SIPLUS variants)	Lien
SIMATIC CP 1243-1	Lien
SIMATIC CP 1243-1	Lien
SIMATIC CP 1243-1	Lien
SIMATIC CP 1243-7 LTE EU	Lien
SIMATIC CP 1243-7 LTE EU	Lien
SIMATIC CP 1243-7 LTE EU	Lien
SIMATIC CP 1243-7 LTE EU	Lien
SIMATIC CP 1243-7 LTE US	Lien
SIMATIC CP 1243-7 LTE US	Lien
SIMATIC CP 1243-7 LTE US	Lien
SIMATIC CP 1243-7 LTE US	Lien
SIMATIC CP 1243-8 IRC	Lien
SIMATIC CP 1243-8 IRC	Lien
SIMATIC CP 1243-8 IRC	Lien
SIMATIC CP 1243-8 IRC	Lien
SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)	Lien
SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)	Lien
SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)	Lien
SIMATIC CP 1542SP-1 IRC	Lien
SIMATIC CP 1542SP-1	Lien
SIMATIC CP 1542SP-1	Lien
SIMATIC CP 1542SP-1	Lien
SIMATIC CP 1543-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1543-1	Lien
SIMATIC CP 1543-1	Lien
SIMATIC CP 1543-1	Lien
SIMATIC CP 1543-1	Lien
SIMATIC CP 1543SP-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1543SP-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 1543SP-1	Lien
SIMATIC CP 1543SP-1	Lien
SIMATIC CP 1545-1	Lien
SIMATIC CP 1545-1	Lien
SIMATIC CP 1545-1	Lien
SIMATIC CP 1604	Lien
SIMATIC CP 1604	Lien
SIMATIC CP 1616 and CP 1604	Lien
SIMATIC CP1616/CP1604	Lien
SIMATIC CP 1616	Lien
SIMATIC CP 1616	Lien
SIMATIC CP 1623	Lien
SIMATIC CP 1623	Lien
SIMATIC CP1626	Lien
SIMATIC CP 1626	Lien
SIMATIC CP 1628	Lien
SIMATIC CP 1628	Lien
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 343-1 Advanced	Lien
SIMATIC CP 343-1 Advanced	Lien
SIMATIC CP 343-1 Advanced	Lien
SIMATIC CP 343-1 ERPC	Lien
SIMATIC CP 343-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 343-1 Lean (incl. SIPLUS variants)	Lien
SIMATIC CP 343-1 Lean	Lien
SIMATIC CP 343-1	Lien
SIMATIC CP 442-1 RNA	Lien
SIMATIC CP 442-1 RNA	Lien
SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 Advanced	Lien
SIMATIC CP 443-1 Advanced	Lien
SIMATIC CP 443-1 Advanced	Lien
SIMATIC CP 443-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 (incl. SIPLUS variants)	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 OPC UA	Lien
SIMATIC CP 443-1 RNA	Lien
SIMATIC CP 443-1 RNA	Lien
SIMATIC CP 443-1	Lien
SIMATIC CP 443-1	Lien
SIMATIC CP 443-1	Lien
SIMATIC DK-16xx PN IO	Lien
SIMATIC Drive Controller family	Lien
SIMATIC Drive Controller family	Lien
SIMATIC ET200AL IM 157-1 PN	Lien
SIMATIC ET200AL	Lien
SIMATIC ET200AL	Lien
SIMATIC ET200AL	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 4AO U/I 4xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8AI RTD/TC 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 4xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8DI DC24V 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200ecoPN: IO-Link Master	Lien
SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)	Lien
SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)	Lien
SIMATIC ET200M (incl. SIPLUS variants)	Lien
SIMATIC ET200M (incl. SIPLUS variants)	Lien
SIMATIC ET200M (incl. SIPLUS variants)	Lien
SIMATIC ET200M (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200pro IM 154-3 PN HF	Lien
SIMATIC ET200pro IM 154-4 PN HF	Lien
SIMATIC ET200pro	Lien
SIMATIC ET200pro	Lien
SIMATIC ET200pro	Lien
SIMATIC ET200pro	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200S (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 MF HF	Lien
SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)	Lien
SIMATIC ET200SP (incl. SIPLUS variants except IM155-6 PN ST and IM155-6 PN HF)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)	Lien
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)	Lien
SIMATIC Field PG M5	Lien
SIMATIC Field PG M6	Lien
SIMATIC HMI Comfort Outdoor Panels 7\ & 15\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Outdoor Panels 7\ & 15\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Outdoor Panels 7\ & 15\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Outdoor Panels 7\ & 15\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels 4\ - 22\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels 4\ - 22\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels 4\ - 22\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels 4\ - 22\ (incl. SIPLUS variants)	Lien
SIMATIC HMI Comfort Panels HMI Multi Panels HMI Mobile Panels (incl. SIPLUS variants)	Lien
SIMATIC HMI KTP Mobile Panels KTP400F KTP700 KTP700F KTP900 and KTP900F	Lien
SIMATIC HMI KTP Mobile Panels KTP400F KTP700 KTP700F KTP900 and KTP900F	Lien
SIMATIC HMI KTP Mobile Panels	Lien
SIMATIC HMI KTP Mobile Panels	Lien
SIMATIC IE/PB-LINK V3	Lien
SIMATIC Information Server	Lien
SIMATIC IPC1047E	Lien
SIMATIC IPC1047	Lien
SIMATIC IPC127E	Lien
SIMATIC IPC427E	Lien
SIMATIC IPC477E Pro	Lien
SIMATIC IPC477E	Lien
SIMATIC IPC527G	Lien
SIMATIC IPC547G	Lien
SIMATIC IPC627E	Lien
SIMATIC IPC647D	Lien
SIMATIC IPC647E	Lien
SIMATIC IPC647E	Lien
SIMATIC IPC677E	Lien
SIMATIC IPC847D	Lien
SIMATIC IPC847E	Lien
SIMATIC IPC847E	Lien
SIMATIC IPC DiagMonitor	Lien
SIMATIC IPC DiagMonitor	Lien
SIMATIC IPC Support Package for VxWorks	Lien
SIMATIC ITC1500 PRO	Lien
SIMATIC ITC1500	Lien
SIMATIC ITC1900 PRO	Lien
SIMATIC ITC1900	Lien
SIMATIC ITC2200 PRO	Lien
SIMATIC ITC2200	Lien
SIMATIC ITP1000	Lien
SIMATIC Logon	Lien
SIMATIC MICRO-DRIVE PDC	Lien
SIMATIC MV400 family	Lien
SIMATIC MV400	Lien
SIMATIC MV540 H (6GF3540-0GE10)	Lien
SIMATIC MV540 H	Lien
SIMATIC MV540 H	Lien
SIMATIC MV540 S (6GF3540-0CD10)	Lien
SIMATIC MV540 S	Lien
SIMATIC MV540 S	Lien
SIMATIC MV550 H (6GF3550-0GE10)	Lien
SIMATIC MV550 H	Lien
SIMATIC MV550 H	Lien
SIMATIC MV550 S (6GF3550-0CD10)	Lien
SIMATIC MV550 S	Lien
SIMATIC MV550 S	Lien
SIMATIC MV560 U (6GF3560-0LE10)	Lien
SIMATIC MV560 U	Lien
SIMATIC MV560 U	Lien
SIMATIC MV560 X (6GF3560-0HE10)	Lien
SIMATIC MV560 X	Lien
SIMATIC MV560 X	Lien
SIMATIC NET CP 1604	Lien
SIMATIC NET CP 1616	Lien
SIMATIC NET DK-16xx PN IO	Lien
SIMATIC NET PC Software	Lien
SIMATIC PCS 7 TeleControl	Lien
SIMATIC PCS 7 V8.2 and earlier	Lien
SIMATIC PCS 7 V8.2 and earlier	Lien
SIMATIC PCS 7 V9.0	Lien
SIMATIC PCS 7 V9.0	Lien
SIMATIC PCS 7 V9.1	Lien
SIMATIC PCS 7 V9.1	Lien
SIMATIC PCS neo	Lien
SIMATIC PCS neo	Lien
SIMATIC PCS neo	Lien
SIMATIC PDM	Lien
SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)	Lien
SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)	Lien
SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)	Lien
SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)	Lien
SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)	Lien
SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)	Lien
SIMATIC Power Line Booster PLB Base Module	Lien
SIMATIC Process Historian (incl. Process Historian OPC UA Server)	Lien
SIMATIC Process Historian OPC UA Server	Lien
SIMATIC Process Historian OPC UA Server	Lien
SIMATIC PROFINET Driver	Lien
SIMATIC PROFINET Driver	Lien
SIMATIC RF166C	Lien
SIMATIC RF180C	Lien
SIMATIC RF180C	Lien
SIMATIC RF182C	Lien
SIMATIC RF182C	Lien
SIMATIC RF182C	Lien
SIMATIC RF185C	Lien
SIMATIC RF185C	Lien
SIMATIC RF185C	Lien
SIMATIC RF186CI	Lien
SIMATIC RF186CI	Lien
SIMATIC RF186C	Lien
SIMATIC RF186C	Lien
SIMATIC RF186C	Lien
SIMATIC RF188CI	Lien
SIMATIC RF188CI	Lien
SIMATIC RF188C	Lien
SIMATIC RF188C	Lien
SIMATIC RF188C	Lien
SIMATIC RF188C	Lien
SIMATIC RF360R	Lien
SIMATIC RF600 family	Lien
SIMATIC RF600R	Lien
SIMATIC RF600R	Lien
SIMATIC RF600	Lien
SIMATIC RF650R	Lien
SIMATIC RF680R	Lien
SIMATIC RF685R	Lien
SIMATIC RTU3010C	Lien
SIMATIC RTU3030C	Lien
SIMATIC RTU3031C	Lien
SIMATIC RTU3041C	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)	Lien
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)	Lien
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)	Lien
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP	Lien
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-1500 Software Controller (incl. F)	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-1500 Software Controller	Lien
SIMATIC S7-200 SMART	Lien
SIMATIC S7-200 SMART	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Lien
SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)	Lien
SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)	Lien
SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-410 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-410 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)	Lien
SIMATIC S7-PLCSIM Advanced	Lien
SIMATIC S7-PLCSIM Advanced	Lien
SIMATIC TDC CP51M1	Lien
SIMATIC TDC CP51M1	Lien
SIMATIC TDC CP51M1	Lien
SIMATIC TDC CP51M1	Lien
SIMATIC TDC CPU555	Lien
SIMATIC TDC CPU555	Lien
SIMATIC TDC CPU555	Lien
SIMATIC TDC CPU555	Lien
SIMATIC Teleservice Adapter IE Advanced	Lien
SIMATIC Teleservice Adapter IE Advanced	Lien
SIMATIC Teleservice Adapter IE Advanced	Lien
SIMATIC Teleservice Adapter IE Basic	Lien
SIMATIC Teleservice Adapter IE Basic	Lien
SIMATIC Teleservice Adapter IE Basic	Lien
SIMATIC Teleservice Adapter IE Standard	Lien
SIMATIC Teleservice Adapter IE Standard	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinAC RTX (F) 2010	Lien
SIMATIC WinCC OA	Lien
SIMATIC WinCC OA V3.17	Lien
SIMATIC WinCC OA V3.18	Lien
SIMATIC WinCC Runtime Advanced	Lien
SIMATIC WinCC Runtime Advanced	Lien
SIMATIC WinCC Runtime Advanced	Lien
SIMATIC WinCC TeleControl	Lien
SIMATIC WinCC V15 and earlier	Lien
SIMATIC WinCC V15 and earlier	Lien
SIMATIC WinCC V16	Lien
SIMATIC WinCC V16	Lien
SIMATIC WinCC V17	Lien
SIMATIC WinCC V17	Lien
SIMATIC WinCC V7.4 and earlier	Lien
SIMATIC WinCC V7.4 and earlier	Lien
SIMATIC WinCC V7.5	Lien
SIMATIC WinCC V7.5	Lien
Simcenter 3D	Lien
Simcenter Amesim	Lien
Simcenter Femap V2020.2	Lien
Simcenter Femap V2021.1	Lien
Simcenter System Architect	Lien
Simcenter System Simulation Client for Git	Lien
Simcenter Testlab Data Management	Lien
Simcenter Testlab	Lien
SIMIT Simulation Platform	Lien
SIMOCODE pro V EIP (incl. SIPLUS variants)	Lien
SIMOCODE proV Ethernet/IP	Lien
SIMOCODE pro V PN (incl. SIPLUS variants)	Lien
SIMOCODE pro V PN (incl. SIPLUS variants)	Lien
SIMOCODE pro V PN (incl. SIPLUS variants)	Lien
SIMOCODE proV PROFINET	Lien
SIMOTION C	Lien
SIMOTION C	Lien
SIMOTION D (incl. SIPLUS variants)	Lien
SIMOTION D (incl. SIPLUS variants)	Lien
SIMOTION (incl. SIPLUS variants)	Lien
SIMOTION (incl. SIPLUS variants)	Lien
SIMOTION P	Lien
SIMOTION P V4.4 and V4.5	Lien
SIMOTION P V5	Lien
SINAMICS Connect 300	Lien
SINAMICS DCM	Lien
SINAMICS DCM	Lien
SINAMICS DCM w. PN	Lien
SINAMICS DCM w. PN	Lien
SINAMICS DCP	Lien
SINAMICS DCP	Lien
SINAMICS DCP	Lien
SINAMICS DCP w. PN	Lien
SINAMICS DCP w. PN	Lien
SINAMICS G110M V4.7 Control Unit	Lien
SINAMICS G110M V4.7 PN Control Unit	Lien
SINAMICS G110M w. PN	Lien
SINAMICS G110M w. PN	Lien
SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)	Lien
SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)	Lien
SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)	Lien
SINAMICS G130 V4.6 Control Unit	Lien
SINAMICS G130 V4.7 Control Unit	Lien
SINAMICS G130 V4.7 Control Unit	Lien
SINAMICS G130 V4.7 Control Unit	Lien
SINAMICS G130 V4.7 SP1 Control Unit	Lien
SINAMICS G130 V4.7 w. PN	Lien
SINAMICS G130 V4.7 w. PN	Lien
SINAMICS G130 V4.8 Control Unit	Lien
SINAMICS G130 V4.8 w. PN	Lien
SINAMICS G130 V4.8 w. PN	Lien
SINAMICS G130 V5.1 Control Unit	Lien
SINAMICS G130 V5.1 SP1 Control Unit	Lien
SINAMICS G150 Control Unit	Lien
SINAMICS G150 Control Unit	Lien
SINAMICS G150 V4.6 Control Unit	Lien
SINAMICS G150 V4.7 Control Unit	Lien
SINAMICS G150 V4.7 SP1 Control Unit	Lien
SINAMICS G150 V4.7 w. PN	Lien
SINAMICS G150 V4.7 w. PN	Lien
SINAMICS G150 V4.8 Control Unit	Lien
SINAMICS G150 V4.8 w. PN	Lien
SINAMICS G150 V4.8 w. PN	Lien
SINAMICS G150 V5.1 Control Unit	Lien
SINAMICS G150 V5.1 SP1 Control Unit	Lien
SINAMICS GH150 V4.7 Control Unit	Lien
SINAMICS GH150 V4.7 Control Unit	Lien
SINAMICS GL150 V4.7 Control Unit	Lien
SINAMICS GL150 V4.7 Control Unit	Lien
SINAMICS GM150 V4.7 Control Unit	Lien
SINAMICS GM150 V4.7 Control Unit	Lien
SINAMICS S110 Control Unit	Lien
SINAMICS S110 Control Unit	Lien
SINAMICS S110 w. PN	Lien
SINAMICS S110 w. PN	Lien
SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)	Lien
SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)	Lien
SINAMICS S150 Control Unit	Lien
SINAMICS S150 Control Unit	Lien
SINAMICS S150 V4.6 Control Unit	Lien
SINAMICS S150 V4.7 Control Unit	Lien
SINAMICS S150 V4.7 SP1 Control Unit	Lien
SINAMICS S150 V4.7 w. PN	Lien
SINAMICS S150 V4.7 w. PN	Lien
SINAMICS S150 V4.8 Control Unit	Lien
SINAMICS S150 V4.8 w. PN	Lien
SINAMICS S150 V4.8 w. PN	Lien
SINAMICS S150 V5.1 Control Unit	Lien
SINAMICS S150 V5.1 SP1 Control Unit	Lien
SINAMICS S210 V5.1 Control Unit	Lien
SINAMICS S210 V5.1 SP1 Control Unit	Lien
SINAMICS S/G Control Unit w. PROFINET	Lien
SINAMICS SL150 V4.7 Control Unit	Lien
SINAMICS SL150 V4.7 Control Unit	Lien
SINAMICS SM120 V4.7 Control Unit	Lien
SINAMICS SM120 V4.7 Control Unit	Lien
SINAMICS V90 w. PN	Lien
SINAMICS V90 w. PN	Lien
SINEC INS	Lien
SINEC NMS	Lien
SINEC-NMS	Lien
SINEC NMS	Lien
SINEMA Remote Connect Server	Lien
SINEMA Remote Connect Server	Lien
SINEMA Remote Connect Server	Lien
SINEMA Remote Connect Server	Lien
SINEMA Remote Connect Server	Lien
SINEMA Server	Lien
SINEMA Server	Lien
SINEMA Server V14	Lien
SINUMERIK 808D	Lien
SINUMERIK 828D HW PU.4	Lien
SINUMERIK 828D	Lien
SINUMERIK 828D	Lien
SINUMERIK 828D	Lien
SINUMERIK 828D V4.5 and prior	Lien
SINUMERIK 828D V4.7	Lien
SINUMERIK 840D sl	Lien
SINUMERIK 840D sl	Lien
SINUMERIK 840D sl	Lien
SINUMERIK 840D sl	Lien
SINUMERIK 840D sl V4.5 and prior	Lien
SINUMERIK 840D sl V4.7	Lien
SINUMERIK MC MCU 1720	Lien
SINUMERIK ONE NCU 1740	Lien
SINUMERIK ONE PPU 1740	Lien
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10	Lien
SINUMERIK OPC UA Server	Lien
SINUMERIK OPC UA Server	Lien
SINUMERIK Operate	Lien
SiPass integrated V2.80	Lien
SiPass integrated V2.85	Lien
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL	Lien
SIPLUS ET 200SP CP 1543SP-1 ISEC	Lien
SIPLUS ET 200SP CP 1543SP-1 ISEC	Lien
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL	Lien
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL	Lien
SIPLUS NET CP 1543-1	Lien
SIPLUS NET CP 1543-1	Lien
SIPLUS NET CP 1543-1	Lien
SIPLUS NET CP 1543-1	Lien
SIPLUS NET CP 343-1 Advanced	Lien
SIPLUS NET CP 343-1 Advanced	Lien
SIPLUS NET CP 343-1 Advanced	Lien
SIPLUS NET CP 343-1 Lean	Lien
SIPLUS NET CP 343-1	Lien
SIPLUS NET CP 443-1 Advanced	Lien
SIPLUS NET CP 443-1 Advanced	Lien
SIPLUS NET CP 443-1 Advanced	Lien
SIPLUS NET CP 443-1	Lien
SIPLUS NET CP 443-1	Lien
SIPLUS NET CP 443-1	Lien
SIPLUS S7-1200 CP 1243-1 RAIL	Lien
SIPLUS S7-1200 CP 1243-1 RAIL	Lien
SIPLUS S7-1200 CP 1243-1 RAIL	Lien
SIPLUS S7-1200 CP 1243-1	Lien
SIPLUS S7-1200 CP 1243-1	Lien
SIPLUS S7-1200 CP 1243-1	Lien
SIPLUS TIM 1531 IRC	Lien
SIPLUS TIM 1531 IRC	Lien
SIRIUS ACT 3SU1 interface module PROFINET	Lien
SIRIUS Motor Starter M200D PROFINET	Lien
SIRIUS Soft Starter 3RW44 PN	Lien
SIRIUS Soft Starter 3RW44 PN	Lien
SITOP Manager	Lien
SITOP PSU8600 PROFINET	Lien
SITOP PSU8600	Lien
SITOP UPS1600 (incl. SIPLUS variants)	Lien
SITOP UPS1600 PROFINET (incl. SIPLUS variants)	Lien
Siveillance Command	Lien
Siveillance Control Pro	Lien
Siveillance Identity V1.5	Lien
Siveillance Identity V1.6	Lien
Siveillance Vantage	Lien
SOFTNET-IE PNIO	Lien
SOFTNET-IE PNIO	Lien
Softnet PROFINET IO for PC-based Windows systems	Lien
Solid Edge CAM Pro	Lien
Solid Edge Harness Design	Lien
Solid Edge SE2021	Lien
Solid Edge SE2022	Lien
Spectrum Power 4	Lien
Spectrum Power 4	Lien
Spectrum Power 7	Lien
SPPA-T3000 SeS3000 Security Server (6DU7054-0..00-..A0)	Lien
Teamcenter Active Workspace	Lien
Teamcenter Briefcase Browser	Lien
Teamcenter Data Share Manager	Lien
Teamcenter Deployment Center	Lien
Teamcenter Dispatcher Service	Lien
Teamcenter EDA	Lien
Teamcenter FMS	Lien
Teamcenter Integration for CATIA	Lien
Teamcenter Integration Framework	Lien
Teamcenter MBSE Gateway	Lien
Teamcenter Mendix Connector	Lien
Teamcenter Microservices Framework	Lien
Teamcenter Polarion Integration	Lien
Teamcenter Rapid Start	Lien
Teamcenter Reporting and Analytics V11	Lien
Teamcenter Reporting and Analytics V12.2	Lien
Teamcenter Reporting and Analytics V12.3	Lien
Teamcenter Reporting and Analytics V12.4	Lien
Teamcenter Reporting and Analytics V13	Lien
Teamcenter Retail Footwear and Apparel	Lien
Teamcenter Security Services	Lien
Teamcenter Supplier Collaboration	Lien
Teamcenter System Modeling Workbench	Lien
Teamcenter	Lien
Teamcenter Technical Publishing	Lien
Teamcenter Visualization V12.4	Lien
Teamcenter Visualization V13.1	Lien
Teamcenter Visualization V13.2	Lien
Teamcenter Visualization V13.3	Lien
Tecnomatix eBOP Manager Server	Lien
Tecnomatix Intosite	Lien
Tecnomatix Plant Simulation	Lien
Tecnomatix Process Designer	Lien
Tecnomatix Process Simulate	Lien
Tecnomatix Process Simulate VCLite	Lien
Tecnomatix RobotExpert	Lien
TeleControl Server Basic	Lien
TIA Administrator	Lien
TIA Administrator	Lien
TIM 1531 IRC (incl. SIPLUS NET variants)	Lien
TIM 1531 IRC (incl. SIPLUS NET variants)	Lien
TIM 1531 IRC (incl. SIPLUS NET variants)	Lien
TIM 1531 IRC	Lien
TIM 1531 IRC	Lien
TIM 3V-IE Advanced (incl. SIPLUS NET variants)	Lien
TIM 3V-IE DNP3 (incl. SIPLUS NET variants)	Lien
TIM 3V-IE (incl. SIPLUS NET variants)	Lien
TIM 4R-IE DNP3 (incl. SIPLUS NET variants)	Lien
TIM 4R-IE (incl. SIPLUS NET variants)	Lien
Valor Parts Library - VPL Direct	Lien
Valor Parts Library - VPL Server or Service	Lien
VeSys	Lien
Xpedition Enterprise VX.2.10	Lien
Xpedition Enterprise VX.2.6	Lien
Xpedition Enterprise VX.2.7	Lien
Xpedition Enterprise VX.2.8	Lien
Xpedition Enterprise (XCR) VX.2.10	Lien
Xpedition IC Packaging VX.2.10	Lien
Xpedition IC Packaging VX.2.6	Lien
Xpedition IC Packaging VX.2.7	Lien
Xpedition IC Packaging VX.2.8	Lien
Xpedition IC Packaging (XCR) VX.2.10	Lien

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-541018 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-914168 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-309571 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-675303 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-244969 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-654775 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-316383 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-100232 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-480230 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-978220 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-840188 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-211752 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-772220 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-539476 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-599968 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-443566 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-995338 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-462066 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-102233 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-301589 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-669737 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-609880 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssb-439005 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-473245 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-831168 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-593272 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-838121 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-307392 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-780073 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-349422 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-346262 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-293562 du 08 février 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-913875 du 08 février 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003ctable\u003e \u003cthead\u003e \u003ctr\u003e \u003cth\u003eSyst\u00e8me affect\u00e9\u003c/th\u003e \u003cth\u003eLien vers l\u0027avis \u00e9diteur\u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd\u003eAdvantage Navigator Energy \u0026amp; Sustainability\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eAdvantage Navigator Software Proxy V6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eBuilding Operator Discovery Distribution for the Connect X200 Gateway\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eBuilding Operator Discovery Distribution for the Connect X300 Gateway\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eBuilding Twin - 360\u00b0 Viewer\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCapital\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCerberus DMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCloudConnect 712\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCOMOS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCOMOS V10.2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-995338.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCOMOS V10.3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-995338.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eCOMOS V10.4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-995338.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ecRSP Operator Client Starter\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ecRSP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDesigo CC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eE-Car OC Cloud Application\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnergy Engage\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnergyIP Prepay V3.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnergyIP Prepay V3.8\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnergyIP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnlighted Amaze\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eEnlighted Where\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eGeolus Shape Search V10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eGeolus Shape Search V11\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eGMA-Manager\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eHEEDS Connect\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eHES UDIS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIE/AS-i Link PN IO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIE/PB-Link (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIE/PB LINK PN IO (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIndustrial Edge Hub\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIndustrial Edge Management App (IEM-App)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eIndustrial Edge Management OS (IEM-OS)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ejROS for Spectrum Power 4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ejROS for Spectrum Power 7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eJT2Go\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eKTK ATE530S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eLOGO! CMR2020\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eLOGO! CMR2040\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMendix Applications\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere App Management Cockpits (Developer\u0026amp; Operator)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Asset Manager\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindsphere Cloud Foundry\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindsphere Cloud Platform\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere IAM (User Management/ Settings)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Integrated Data Lake\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Notification Service\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Predictive Learning\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Usage Transparency Service\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eMindSphere Visual Explorer\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eNXpower Monitor\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eNX\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eOpcenter EX CP Process Automation Control\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eOpcenter Execution Core Process Automation Control\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eOpcenter Intelligence\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eOperation Scheduler\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ePROFINET Driver for Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003ePSS(R)CAPE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRFID 181EIP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eROX II\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM APE1404 Linux\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM CROSSBOW Station Access Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RCM1224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224 LTE(4G) EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224 LTE(4G) EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224 LTE(4G) NAM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224 LTE(4G) NAM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RM1224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX MX5000RE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX MX5000\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1500\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1501\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1510\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1511\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1512\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1524\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX1536\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM ROX RX5000\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RX1400 VPE Debian Linux\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eRUGGEDCOM RX1400 VPE Linux CloudConnect\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE LPE9403\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M-800 / S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M-800\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M804PB\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M812-1 ADSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex A)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router (Annex B)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M816-1 ADSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M826-2 SHDSL-Router\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M874-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M875\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3 (ROK)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE M876-4 (NAM)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE MUM856-1 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE MUM856-1 (EU)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE MUM856-1 (RoW)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE MUM856-1 (RoW)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S602\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S602\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S602\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S612\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S612\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S612\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S615\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S627-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S627-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE S627-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC622-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC622-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC622-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC622-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC632-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC632-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC632-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC632-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC636-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC636-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC636-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC636-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC642-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC642-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC642-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC642-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC646-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC646-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC646-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE SC646-2C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-1700 IEEE 802.11ac family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-1700 IEEE 802.11ac family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-1700 IEEE 802.11ac family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1748-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1748-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1750D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1750D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2 EEC M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2 EEC M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2IA M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2IA M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W1788-2 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-700 IEEE 802.11n family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-700 IEEE 802.11n family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-700 IEEE 802.11n family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W-700 IEEE 802.11n family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W700\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W721-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W721-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W722-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W722-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W734-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W734-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W734-1 RJ45 (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W734-1 RJ45 (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W738-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W738-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W748-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W748-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W748-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W748-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W761-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W761-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 RJ45 (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W774-1 RJ45 (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12 EEC (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12 EEC (USA)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W778-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2IA RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2IA RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2 SFP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W786-2 SFP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-1 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-1 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 M12 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 M12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE W788-2 RJ45\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM763-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 EEC 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 EEC 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1 EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WAM766-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WLC711\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WLC712\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM763-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM766-1 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM766-1 6GHz\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM766-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE WUM766-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-913875.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X200-4 P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X200-4 P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200IRT switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-200 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X201-3P IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X201-3P IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X201-3P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X201-3P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2P IRT (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2P IRT (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2P IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X202-2P IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2FM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2FM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2LD (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2LD TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2LD TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204-2TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204 IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204 IRT PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (PRP/HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (PRP/HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (PRP)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA EEC (PRP)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA (HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA (HSR)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA (PRP)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-100232.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X204RNA (PRP)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X206-1LD (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X206-1LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X206-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X206-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X208 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X208PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X208PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X208\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X212-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X212-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X212-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X212-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X216\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X216\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X224\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 (incl. X408 and SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 switch family (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-443566.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (230V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (230V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (24V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (2x 230V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (2x 230V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (2x 24V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7 EEC (2x 24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X302-7EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X304-2FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X304-2FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X306-1LD FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X306-1LDFE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (230V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (230V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (24V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (2x 230V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (2x 230V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (2x 24V coated)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2 EEC (2x 24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-2EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-3LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-3LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X307-3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LD\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LH+\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LH\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LH+\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2LH\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M PoE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M PoE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2M TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X308-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X310FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X310FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X310\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X310\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X320-1-2LD FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X320-1 FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X320-1FE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X320-3LDFE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X408-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X408\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE X414\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XB-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XB-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XB-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XC-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XC-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XC-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF-200BA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF-200BA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF-200BA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF201-3P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF201-3P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF202-2P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF202-2P IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204-2BA IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204-2BA IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204-2 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204-2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204 IRT\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF204\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF206-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF206-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF208\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XF208\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XM-400 Family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XM400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XM-400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XM-400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XP-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XP-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XP-200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-300WG\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-300WG\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-300WG\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M (230V ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M (230V ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M (24V ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M (24V ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M TS (24V)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-12M TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (24V ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (24V ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on front)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on rear)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M EEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M PoE\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR324-4M PoE TS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-500 Family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-500 Family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR500\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSCALANCE XR-500\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON 3VA COM100/800\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON 3VA DSP800\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC2200 (with CLP Approval)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC2200 (with MID Approval)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC2200 (without MID Approval)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC3200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC3200T\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC3220\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON PAC4200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-541018.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSENTRON powermanager V4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSICAM 230\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSICAM TOOLBOX II\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-669737.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIDOOR ATD430W\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIDOOR ATE530S COATED\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIDOOR ATE531S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIGUARD DSA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CFU PA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CFU PA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Cloud Connect 7 CC712\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Cloud Connect 7 CC716\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CM 1542-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CM 1542-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CM 1542-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CM 1542SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Compact Field Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1242-7C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1242-7 GPRS V2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1242-7 GPRS V2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1242-7 GPRS V2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 IEC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1 IRC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE EU\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE US\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE US\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE US\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-7 LTE US\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-8 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-8 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-8 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1243-8 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1542SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543SP-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543SP-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1543SP-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1545-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1545-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1545-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1616 and CP 1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP1616/CP1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1616\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1616\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1623\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP1626\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1626\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1628\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 1628\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 ERPC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Lean (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1 Lean\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 343-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 442-1 RNA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 442-1 RNA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-211752.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 OPC UA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 RNA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1 RNA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC DK-16xx PN IO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Drive Controller family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Drive Controller family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200AL IM 157-1 PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200AL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200AL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200AL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 16DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 4AO U/I 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI; 4 U/I; 4 RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8AI RTD/TC 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DI DC24V 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/05A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 4xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8DO DC24V/13A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200ecoPN: IO-Link Master\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200M (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro IM 154-3 PN HF\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro IM 154-4 PN HF\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200S (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 MF HF\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET200SP (incl. SIPLUS variants except IM155-6 PN ST and IM155-6 PN HF)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Field PG M5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Field PG M6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Outdoor Panels 7\\ \u0026amp; 15\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Outdoor Panels 7\\ \u0026amp; 15\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Outdoor Panels 7\\ \u0026amp; 15\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Outdoor Panels 7\\ \u0026amp; 15\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels 4\\ - 22\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels 4\\ - 22\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels 4\\ - 22\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels 4\\ - 22\\ (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI Comfort Panels HMI Multi Panels HMI Mobile Panels (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI KTP Mobile Panels KTP400F KTP700 KTP700F KTP900 and KTP900F\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI KTP Mobile Panels KTP400F KTP700 KTP700F KTP900 and KTP900F\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI KTP Mobile Panels\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC HMI KTP Mobile Panels\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IE/PB-LINK V3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Information Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC1047E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC1047\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC127E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC427E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC477E Pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC477E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC527G\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC547G\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC627E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC647D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC647E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC647E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC677E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC847D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC847E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC847E\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC DiagMonitor\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC DiagMonitor\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC IPC Support Package for VxWorks\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC1500 PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC1500\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC1900 PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC1900\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC2200 PRO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITC2200\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC ITP1000\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Logon\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MICRO-DRIVE PDC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV400 family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV400\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 H (6GF3540-0GE10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 H\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 H\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 S (6GF3540-0CD10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV540 S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 H (6GF3550-0GE10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 H\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 H\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 S (6GF3550-0CD10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV550 S\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 U (6GF3560-0LE10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 U\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 U\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 X (6GF3560-0HE10)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 X\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC MV560 X\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC NET CP 1604\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC NET CP 1616\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC NET DK-16xx PN IO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC NET PC Software\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 TeleControl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V8.2 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V8.2 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V9.0\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V9.0\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V9.1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS 7 V9.1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS neo\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS neo\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PCS neo\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PDM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PN/PN Coupler (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Power Line Booster PLB Base Module\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Process Historian (incl. Process Historian OPC UA Server)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Process Historian OPC UA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Process Historian OPC UA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PROFINET Driver\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC PROFINET Driver\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF166C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF180C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF180C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF182C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-102233.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF182C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF182C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF185C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF185C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF185C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186CI\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186CI\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF186C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188CI\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188CI\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF188C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF360R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF600 family\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF600R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF600R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF600\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF650R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF680R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RF685R\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RTU3010C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RTU3030C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RTU3031C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC RTU3041C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-316383.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1200 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller (incl. F)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-1500 Software Controller\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-200 SMART\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-200 SMART\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-410 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-410 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-PLCSIM Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC S7-PLCSIM Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CP51M1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CP51M1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CP51M1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CP51M1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CPU555\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CPU555\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CPU555\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC TDC CPU555\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Basic\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Basic\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Basic\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Standard\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC Teleservice Adapter IE Standard\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinAC RTX (F) 2010\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC OA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC OA V3.17\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC OA V3.18\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC Runtime Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC Runtime Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC Runtime Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC TeleControl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V15 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V15 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V16\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V16\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V17\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V17\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V7.4 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V7.4 and earlier\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V7.5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-840188.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMATIC WinCC V7.5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-914168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter 3D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Amesim\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Femap V2020.2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-609880.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Femap V2021.1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-609880.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter System Architect\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter System Simulation Client for Git\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Testlab Data Management\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSimcenter Testlab\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMIT Simulation Platform\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE pro V EIP (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE proV Ethernet/IP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE pro V PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE pro V PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE pro V PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOCODE proV PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION C\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION D (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION D (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION P\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION P V4.4 and V4.5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIMOTION P V5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS Connect 300\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCM\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCM w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCM w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS DCP w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G110M V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G110M V4.7 PN Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G110M w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G110M w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.6 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.8 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V5.1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G130 V5.1 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.6 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.7 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.8 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V5.1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS G150 V5.1 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GH150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GH150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GL150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GL150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GM150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS GM150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S110 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S110 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S110 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S110 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.6 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.7 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.7 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.8 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V4.8 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V5.1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S150 V5.1 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S210 V5.1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S210 V5.1 SP1 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS S/G Control Unit w. PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-593272.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS SL150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS SL150 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS SM120 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS SM120 V4.7 Control Unit\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS V90 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINAMICS V90 w. PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEC INS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEC NMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEC-NMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEC NMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-654775.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Remote Connect Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-675303.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINEMA Server V14\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 808D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D HW PU.4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D V4.5 and prior\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 828D V4.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-349422.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-473245.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl V4.5 and prior\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK 840D sl V4.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK MC MCU 1720\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK ONE NCU 1740\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK ONE PPU 1740\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-309571.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK OPC UA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK OPC UA Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSINUMERIK Operate\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiPass integrated V2.80\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiPass integrated V2.85\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1543SP-1 ISEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1543SP-1 ISEC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 1543-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1 Lean\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 343-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1 Advanced\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS NET CP 443-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1 RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1 RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1 RAIL\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS S7-1200 CP 1243-1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-539476.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS TIM 1531 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIPLUS TIM 1531 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIRIUS ACT 3SU1 interface module PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIRIUS Motor Starter M200D PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIRIUS Soft Starter 3RW44 PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSIRIUS Soft Starter 3RW44 PN\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-346262.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP Manager\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP PSU8600 PROFINET\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP PSU8600\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP UPS1600 (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSITOP UPS1600 PROFINET (incl. SIPLUS variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Command\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Control Pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Identity V1.5\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Identity V1.6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSiveillance Vantage\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSOFTNET-IE PNIO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-599968.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSOFTNET-IE PNIO\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-780073.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSoftnet PROFINET IO for PC-based Windows systems\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-293562.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSolid Edge CAM Pro\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSolid Edge Harness Design\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSolid Edge SE2021\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSolid Edge SE2022\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSpectrum Power 4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSpectrum Power 4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-831168.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSpectrum Power 7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eSPPA-T3000 SeS3000 Security Server (6DU7054-0..00-..A0)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-714170.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Active Workspace\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Briefcase Browser\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Data Share Manager\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Deployment Center\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Dispatcher Service\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter EDA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter FMS\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Integration for CATIA\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Integration Framework\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter MBSE Gateway\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Mendix Connector\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Microservices Framework\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Polarion Integration\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Rapid Start\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V11\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V12.2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V12.3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V12.4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Reporting and Analytics V13\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Retail Footwear and Apparel\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Security Services\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Supplier Collaboration\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter System Modeling Workbench\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Technical Publishing\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Visualization V12.4\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Visualization V13.1\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Visualization V13.2\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeamcenter Visualization V13.3\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-301589.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix eBOP Manager Server\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Intosite\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Plant Simulation\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Process Designer\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Process Simulate\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix Process Simulate VCLite\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTecnomatix RobotExpert\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTeleControl Server Basic\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-307392.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIA Administrator\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-244969.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIA Administrator\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-480230.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-838121.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-978220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 1531 IRC\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-772220.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 3V-IE Advanced (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 3V-IE DNP3 (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 3V-IE (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 4R-IE DNP3 (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eTIM 4R-IE (incl. SIPLUS NET variants)\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-462066.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eValor Parts Library - VPL Direct\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eValor Parts Library - VPL Server or Service\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eVeSys\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise VX.2.10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise VX.2.6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise VX.2.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise VX.2.8\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition Enterprise (XCR) VX.2.10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging VX.2.10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging VX.2.6\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging VX.2.7\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging VX.2.8\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd\u003eXpedition IC Packaging (XCR) VX.2.10\u003c/td\u003e \u003ctd\u003e\u003ca href=\"https://cert-portal.siemens.com/productcert/html/ssa-661247.html\"\u003eLien\u003c/a\u003e\u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/table\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-40360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40360"
    },
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2021-37186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37186"
    },
    {
      "name": "CVE-2020-26139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
    },
    {
      "name": "CVE-2016-4956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4956"
    },
    {
      "name": "CVE-2021-37198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37198"
    },
    {
      "name": "CVE-2016-4953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
    },
    {
      "name": "CVE-2021-40363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40363"
    },
    {
      "name": "CVE-2021-46151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46151"
    },
    {
      "name": "CVE-2021-44018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44018"
    },
    {
      "name": "CVE-2022-23312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23312"
    },
    {
      "name": "CVE-2021-41990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41990"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2021-46161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46161"
    },
    {
      "name": "CVE-2021-41991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41991"
    },
    {
      "name": "CVE-2021-46160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46160"
    },
    {
      "name": "CVE-2022-23102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23102"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2019-13933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13933"
    },
    {
      "name": "CVE-2019-8460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8460"
    },
    {
      "name": "CVE-2019-6575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6575"
    },
    {
      "name": "CVE-2020-26146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26146"
    },
    {
      "name": "CVE-2020-26143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26143"
    },
    {
      "name": "CVE-2019-6568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6568"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2015-7705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
    },
    {
      "name": "CVE-2021-46156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46156"
    },
    {
      "name": "CVE-2021-37197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37197"
    },
    {
      "name": "CVE-2016-7433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
    },
    {
      "name": "CVE-2021-37194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37194"
    },
    {
      "name": "CVE-2021-46153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46153"
    },
    {
      "name": "CVE-2016-4955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4955"
    },
    {
      "name": "CVE-2015-7853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7853"
    },
    {
      "name": "CVE-2021-46152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46152"
    },
    {
      "name": "CVE-2017-2680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2680"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2020-12360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12360"
    },
    {
      "name": "CVE-2016-4954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
    },
    {
      "name": "CVE-2020-24588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
    },
    {
      "name": "CVE-2021-37185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37185"
    },
    {
      "name": "CVE-2021-46154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46154"
    },
    {
      "name": "CVE-2020-26140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26140"
    },
    {
      "name": "CVE-2021-37195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37195"
    },
    {
      "name": "CVE-2020-8703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8703"
    },
    {
      "name": "CVE-2019-10936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10936"
    },
    {
      "name": "CVE-2020-12357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12357"
    },
    {
      "name": "CVE-2021-46159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46159"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2017-12741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12741"
    },
    {
      "name": "CVE-2021-40358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40358"
    },
    {
      "name": "CVE-2019-10923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10923"
    },
    {
      "name": "CVE-2021-43336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43336"
    },
    {
      "name": "CVE-2020-26144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26144"
    },
    {
      "name": "CVE-2021-44000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44000"
    },
    {
      "name": "CVE-2021-20094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20094"
    },
    {
      "name": "CVE-2020-24513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2021-20093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20093"
    },
    {
      "name": "CVE-2021-38405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38405"
    },
    {
      "name": "CVE-2020-24507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24507"
    },
    {
      "name": "CVE-2021-46155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46155"
    },
    {
      "name": "CVE-2020-13987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13987"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2020-12358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12358"
    },
    {
      "name": "CVE-2021-37196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37196"
    },
    {
      "name": "CVE-2021-40364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40364"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2020-26147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
    },
    {
      "name": "CVE-2021-37204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37204"
    },
    {
      "name": "CVE-2019-19300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19300"
    },
    {
      "name": "CVE-2019-13946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
    },
    {
      "name": "CVE-2019-10942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10942"
    },
    {
      "name": "CVE-2020-8670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8670"
    },
    {
      "name": "CVE-2017-2681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2681"
    },
    {
      "name": "CVE-2016-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
    },
    {
      "name": "CVE-2020-8704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8704"
    },
    {
      "name": "CVE-2020-28400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28400"
    },
    {
      "name": "CVE-2021-46158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46158"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2020-26141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26141"
    },
    {
      "name": "CVE-2020-24486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24486"
    },
    {
      "name": "CVE-2020-24506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24506"
    },
    {
      "name": "CVE-2021-46157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46157"
    },
    {
      "name": "CVE-2021-45106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45106"
    },
    {
      "name": "CVE-2020-24512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
    },
    {
      "name": "CVE-2020-17437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17437"
    },
    {
      "name": "CVE-2021-44016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44016"
    },
    {
      "name": "CVE-2020-24511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
    },
    {
      "name": "CVE-2021-40359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40359"
    },
    {
      "name": "CVE-2021-37205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37205"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    },
    {
      "name": "CVE-2017-6458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6458"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    },
    {
      "name": "CVE-2019-19301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19301"
    },
    {
      "name": "CVE-2016-9042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9042"
    },
    {
      "name": "CVE-2020-26145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-124",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-541018 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-541018.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-914168 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-914168.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-309571 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-309571.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-675303 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-675303.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-244969 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-244969.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-654775 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-654775.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-316383 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-316383.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-100232 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-100232.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-480230 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-480230.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-978220.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-840188 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-840188.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-211752 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-211752.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-772220 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-772220.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-539476 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-539476.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-599968 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-599968.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-443566 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-443566.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-995338 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-995338.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-462066 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-462066.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-102233 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-102233.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-301589 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-301589.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-669737 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-669737.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-609880 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-609880.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssb-439005 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssb-439005.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-473245 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-831168 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-831168.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-593272 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-593272.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-838121 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-838121.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-307392 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-307392.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-349422 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-346262 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-346262.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-293562 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-913875 du 08 f\u00e9vrier 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html"
    }
  ]
}

RHSA-2021_5127

Vulnerability from csaf_redhat - Published: 2021-12-14 18:38 - Updated: 2024-12-18 00:00

Summary

Red Hat Security Advisory: Openshift Logging security and bug update (5.2.4)

Severity

Moderate

Notes

Topic: An update is now available for OpenShift Logging 5.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Openshift Logging Security and Bug Fix Release (5.2.4) Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * netty: Request smuggling via content-length header (CVE-2021-21409) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-21409

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

CVE-2021-37137

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5127	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://issues.redhat.com/browse/LOG-1775	external
	https://issues.redhat.com/browse/LOG-1824	external
	https://issues.redhat.com/browse/LOG-1963	external
	https://issues.redhat.com/browse/LOG-1970	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-21409	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://www.cve.org/CVERecord?id=CVE-2021-21409	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21409	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37136	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://www.cve.org/CVERecord?id=CVE-2021-37136	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37136	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37137	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://www.cve.org/CVERecord?id=CVE-2021-37137	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37137	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for OpenShift Logging 5.2.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Openshift Logging Security and Bug Fix Release (5.2.4)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5127",
        "url": "https://access.redhat.com/errata/RHSA-2021:5127"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "1944888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
      },
      {
        "category": "external",
        "summary": "2004133",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
      },
      {
        "category": "external",
        "summary": "2004135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "external",
        "summary": "LOG-1775",
        "url": "https://issues.redhat.com/browse/LOG-1775"
      },
      {
        "category": "external",
        "summary": "LOG-1824",
        "url": "https://issues.redhat.com/browse/LOG-1824"
      },
      {
        "category": "external",
        "summary": "LOG-1963",
        "url": "https://issues.redhat.com/browse/LOG-1963"
      },
      {
        "category": "external",
        "summary": "LOG-1970",
        "url": "https://issues.redhat.com/browse/LOG-1970"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5127.json"
      }
    ],
    "title": "Red Hat Security Advisory: Openshift Logging security and bug update (5.2.4)",
    "tracking": {
      "current_release_date": "2024-12-18T00:00:07+00:00",
      "generator": {
        "date": "2024-12-18T00:00:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:5127",
      "initial_release_date": "2021-12-14T18:38:45+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T18:38:45+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T18:38:45+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-18T00:00:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.2",
                "product": {
                  "name": "OpenShift Logging 5.2",
                  "product_id": "8Base-OSE-LOGGING-5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-47"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-71"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-74"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-47"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-71"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-74"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.2.4-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.2.4-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-47"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-71"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-74"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-21409",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-03-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1944888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Request smuggling via content-length header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "RHBZ#1944888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
        }
      ],
      "release_date": "2021-03-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Request smuggling via content-length header"
    },
    {
      "cve": "CVE-2021-37136",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
    },
    {
      "cve": "CVE-2021-37137",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004135"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004135",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
    },
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2021:5134

Vulnerability from csaf_redhat - Published: 2021-12-14 21:31 - Updated: 2026-04-02 00:52

Summary

Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update

Severity

Critical

Notes

Topic: A minor version update (from 7.9 to 7.10) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * log4j-core (CVE-2020-9488, CVE-2021-44228) * nodejs-lodash (CVE-2019-10744) * libthrift (CVE-2020-13949) * xstream (CVE-2020-26217, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351) * undertow (CVE-2020-27782, CVE-2021-3597, CVE-2021-3629, CVE-2021-3690) * xmlbeans (CVE-2021-23926) * batik (CVE-2020-11987) * xmlgraphics-commons (CVE-2020-11988) * tomcat (CVE-2020-13943) * bouncycastle (CVE-2020-15522, CVE-2020-15522) * groovy (CVE-2020-17521) * tomcat (CVE-2020-17527) * jetty (CVE-2020-27218, CVE-2020-27223, CVE-2021-28163, CVE-2021-28164, CVE-2021-28169, CVE-2021-34428) * jackson-dataformat-cbor (CVE-2020-28491) * jboss-remoting (CVE-2020-35510) * kubernetes-client (CVE-2021-20218) * netty (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409) * spring-web (CVE-2021-22118) * cxf-core (CVE-2021-22696) * json-smart (CVE-2021-27568) * jakarta.el (CVE-2021-28170) * commons-io (CVE-2021-29425) * sshd-core (CVE-2021-30129) * cxf-rt-rs-json-basic (CVE-2021-30468) * netty-codec (CVE-2021-37136, CVE-2021-37137) * jsoup (CVE-2021-37714) * poi (CVE-2019-12415) * mysql-connector-java (CVE-2020-2875, CVE-2020-2934) * wildfly (CVE-2021-3536) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2019-10744

A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

5.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE-611 - Improper Restriction of XML External Entity Reference

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround The vulnerability is in the XSSFExportToXml util; avoid usage of this tool to mitigate the vulnerability.

CVE-2020-2875

A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands in MySQL Connectors and other products.

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2020-2934

A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands.

5.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-295 - Improper Certificate Validation

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround Previous versions can set the system property mail.smtp.ssl.checkserveridentity to true to globally enable hostname verification for SMTPS connections.

CVE-2020-11987

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

CVE-2020-11988

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

CVE-2020-13943

A flaw was found in Apache Tomcat. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. The highest threat from this vulnerability is to data confidentiality.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2020-13949

A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2020-15522

A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2020-17521

A flaw was found in Apache Groovy. Groovy makes use of a method for creating temporary directories which is not suitable for security-sensitive contexts and allows for sensitive information leakage. The highest threat from this vulnerability is to data confidentiality.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround Setting the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability for all operating systems and all Groovy versions. Users who cannot easily move to the fixed Groovy versions may wish to consider using the JDK’s Files#createTempDirectory method instead of the Groovy extension methods.

CVE-2020-17527

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2020-26217

A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround Depending on the version of XStream used there are various usage patterns that mitigate this flaw, though we would strongly recommend using the allow list approach if at all possible as there are likely more class combinations the deny list approach may not address. Allow list approach ```java XStream xstream = new XStream(); XStream.setupDefaultSecurity(xstream); xstream.allowTypesByWildcard(new String[] {"com.misc.classname"}) ``` Deny list for XStream 1.4.13 ```java xstream.denyTypes(new String[]{ "javax.imageio.ImageIO$ContainsFilter" }); xstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class }); ``` Deny list for XStream 1.4.7 -> 1.4.12 ```java xstream.denyTypes(new String[]{ "javax.imageio.ImageIO$ContainsFilter" }); xstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class }); ``` Deny list for versions prior to XStream 1.4.7 ```java xstream.registerConverter(new Converter() { public boolean canConvert(Class type) { return type != null && (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || void.class || type.getName().equals("javax.imageio.ImageIO$ContainsFilter") || Proxy.isProxy(type)); } public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { throw new ConversionException("Unsupported type due to security reasons."); } public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) { throw new ConversionException("Unsupported type due to security reasons."); } }, XStream.PRIORITY_LOW); ```

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround As recommended, use XStream's security framework to implement a whitelist for the allowed types. Users of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream's setup code: xstream.denyTypes(new String[]{ "jdk.nashorn.internal.objects.NativeString" }); xstream.denyTypesByRegExp(new String[]{ ".*\\.ReadAllStream\\$FileStream" }); Users of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream's setup code: xstream.denyTypes(new String[]{ "javax.imageio.ImageIO$ContainsFilter", "jdk.nashorn.internal.objects.NativeString" }); xstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class }); xstream.denyTypesByRegExp(new String[]{ ".*\\.ReadAllStream\\$FileStream" }); Users of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern. xstream.denyTypes(new String[]{ "javax.imageio.ImageIO$ContainsFilter", "jdk.nashorn.internal.objects.NativeString" }); xstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class }); xstream.denyTypesByRegExp(new String[]{ ".*\\$LazyIterator", "javax\\.crypto\\..*", ".*\\.ReadAllStream\\$FileStream" }); Users of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285: xstream.registerConverter(new Converter() { public boolean canConvert(Class type) { return type != null && (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type.getName().equals("javax.imageio.ImageIO$ContainsFilter") || type.getName().equals("jdk.nashorn.internal.objects.NativeString") || type == java.lang.Void.class || void.class || Proxy.isProxy(type) || type.getName().startsWith("javax.crypto.") || type.getName().endsWith("$LazyIterator") || type.getName().endsWith(".ReadAllStream$FileStream")); } public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { throw new ConversionException("Unsupported type due to security reasons."); } public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) { throw new ConversionException("Unsupported type due to security reasons."); } }, XStream.PRIORITY_LOW);

CVE-2020-27218

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-226 - Sensitive Information in Resource Not Removed Before Reuse

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround The issue can be mitigated by using HTTP/1.1 instead of AJP to proxy to the back-end.

CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2020-35510

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-3536

A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-3597

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-3629

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-401 - Missing Release of Memory after Effective Lifetime

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-20218

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21290

In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21295

In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21343

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21344

A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21345

A flaw was found in xstream. A remote attacker, who has sufficient rights, can execute commands of the host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21346

A flaw was found in xstream. A remote attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21347

A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21350

A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

8.0 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-21409

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-281 - Improper Preservation of Permissions

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-22696

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-23926

A flaw was found when parsing XML files using XMLBeans 2.6.0 or below. The underlying parser created by XMLBeans could be susceptible to XML External Entity (XXE) attacks. The highest threat from this vulnerability is to confidentiality and system availability.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround Affected users are advised to update to Apache XMLBeans 3.0.0 or above, which fixes this vulnerability.

CVE-2021-27568

A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of json-smart package. Since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix. This may be fixed in the future. [1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-28163

If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-28164

In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-28170

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-20 - Improper Input Validation

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-30129

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-30468

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-34428

A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being invalidated and a shared-computer application being left logged in. The highest threat from this vulnerability is to data confidentiality and integrity.

3.5 (Low)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-613 - Insufficient Session Expiration

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround Applications should catch all Throwables within their SessionListener#sessionDestroyed() implementations.

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-37137

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ https://access.redhat.com/errata/RHSA-2021:5134

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5134	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/documentation/en-us/red…	external
	https://access.redhat.com/jbossnetwork/restricted…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1739497	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1802531	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1831139	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1851014	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1851019	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1887648	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1898907	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1901304	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1902826	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1904221	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1905796	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1908837	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1922102	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1922123	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1923405	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1927028	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1928172	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1930423	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1933808	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1933816	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1934116	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1937364	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1939839	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942539	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942545	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942550	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942554	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942558	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942578	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942629	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942633	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942635	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942637	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1942642	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1945710	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1945712	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1946341	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1948001	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1948752	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1962879	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1965497	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1970930	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1971016	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1973392	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1974854	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1974891	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1977362	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1981527	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1991299	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1995259	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2019-10744	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1739497	external
	https://www.cve.org/CVERecord?id=CVE-2019-10744	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-10744	external
	https://access.redhat.com/security/cve/CVE-2019-12415	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1802531	external
	https://www.cve.org/CVERecord?id=CVE-2019-12415	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-12415	external
	https://access.redhat.com/security/cve/CVE-2020-2875	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1851019	external
	https://www.cve.org/CVERecord?id=CVE-2020-2875	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-2875	external
	https://access.redhat.com/security/cve/CVE-2020-2934	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1851014	external
	https://www.cve.org/CVERecord?id=CVE-2020-2934	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-2934	external
	https://access.redhat.com/security/cve/CVE-2020-9488	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1831139	external
	https://www.cve.org/CVERecord?id=CVE-2020-9488	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-9488	external
	https://access.redhat.com/security/cve/CVE-2020-11987	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1933808	external
	https://www.cve.org/CVERecord?id=CVE-2020-11987	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-11987	external
	https://xmlgraphics.apache.org/security.html	external
	https://access.redhat.com/security/cve/CVE-2020-11988	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1933816	external
	https://www.cve.org/CVERecord?id=CVE-2020-11988	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-11988	external
	https://access.redhat.com/security/cve/CVE-2020-13943	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1887648	external
	https://www.cve.org/CVERecord?id=CVE-2020-13943	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-13943	external
	http://mail-archives.apache.org/mod_mbox/tomcat-a…	external
	http://tomcat.apache.org/security-10.html#Fixed_i…	external
	http://tomcat.apache.org/security-8.html#Fixed_in…	external
	http://tomcat.apache.org/security-9.html#Fixed_in…	external
	https://access.redhat.com/security/cve/CVE-2020-13949	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1928172	external
	https://www.cve.org/CVERecord?id=CVE-2020-13949	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-13949	external
	https://access.redhat.com/security/cve/CVE-2020-15522	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1962879	external
	https://www.cve.org/CVERecord?id=CVE-2020-15522	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-15522	external
	https://access.redhat.com/security/cve/CVE-2020-17521	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1922123	external
	https://www.cve.org/CVERecord?id=CVE-2020-17521	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-17521	external
	https://groovy-lang.org/security.html#CVE-2020-17521	external
	https://access.redhat.com/security/cve/CVE-2020-17527	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1904221	external
	https://www.cve.org/CVERecord?id=CVE-2020-17527	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-17527	external
	http://tomcat.apache.org/security-10.html#Fixed_i…	external
	http://tomcat.apache.org/security-8.html#Fixed_in…	external
	http://tomcat.apache.org/security-9.html#Fixed_in…	external
	https://access.redhat.com/security/cve/CVE-2020-26217	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1898907	external
	https://www.cve.org/CVERecord?id=CVE-2020-26217	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-26217	external
	https://access.redhat.com/security/cve/CVE-2020-26259	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1908837	external
	https://www.cve.org/CVERecord?id=CVE-2020-26259	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-26259	external
	https://access.redhat.com/security/cve/CVE-2020-27218	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1902826	external
	https://www.cve.org/CVERecord?id=CVE-2020-27218	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-27218	external
	https://github.com/eclipse/jetty.project/security…	external
	https://access.redhat.com/security/cve/CVE-2020-27223	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1934116	external
	https://www.cve.org/CVERecord?id=CVE-2020-27223	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-27223	external
	https://github.com/eclipse/jetty.project/security…	external
	https://access.redhat.com/security/cve/CVE-2020-27782	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1901304	external
	https://www.cve.org/CVERecord?id=CVE-2020-27782	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-27782	external
	https://access.redhat.com/security/cve/CVE-2020-28491	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1930423	external
	https://www.cve.org/CVERecord?id=CVE-2020-28491	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-28491	external
	https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSO…	external
	https://access.redhat.com/security/cve/CVE-2020-35510	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1905796	external
	https://www.cve.org/CVERecord?id=CVE-2020-35510	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-35510	external
	https://access.redhat.com/security/cve/CVE-2021-3536	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1948001	external
	https://www.cve.org/CVERecord?id=CVE-2021-3536	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-3536	external
	https://access.redhat.com/security/cve/CVE-2021-3597	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1970930	external
	https://www.cve.org/CVERecord?id=CVE-2021-3597	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-3597	external
	https://access.redhat.com/security/cve/CVE-2021-3629	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1977362	external
	https://www.cve.org/CVERecord?id=CVE-2021-3629	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-3629	external
	https://access.redhat.com/security/cve/CVE-2021-3690	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1991299	external
	https://www.cve.org/CVERecord?id=CVE-2021-3690	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-3690	external
	https://access.redhat.com/security/cve/CVE-2021-20218	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1923405	external
	https://www.cve.org/CVERecord?id=CVE-2021-20218	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-20218	external
	https://github.com/fabric8io/kubernetes-client/is…	external
	https://access.redhat.com/security/cve/CVE-2021-21290	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1927028	external
	https://www.cve.org/CVERecord?id=CVE-2021-21290	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21290	external
	https://access.redhat.com/security/cve/CVE-2021-21295	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1937364	external
	https://www.cve.org/CVERecord?id=CVE-2021-21295	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21295	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-21341	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942539	external
	https://www.cve.org/CVERecord?id=CVE-2021-21341	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21341	external
	https://access.redhat.com/security/cve/CVE-2021-21342	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942545	external
	https://www.cve.org/CVERecord?id=CVE-2021-21342	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21342	external
	https://access.redhat.com/security/cve/CVE-2021-21343	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942550	external
	https://www.cve.org/CVERecord?id=CVE-2021-21343	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21343	external
	https://access.redhat.com/security/cve/CVE-2021-21344	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942554	external
	https://www.cve.org/CVERecord?id=CVE-2021-21344	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21344	external
	https://access.redhat.com/security/cve/CVE-2021-21345	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942558	external
	https://www.cve.org/CVERecord?id=CVE-2021-21345	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21345	external
	https://access.redhat.com/security/cve/CVE-2021-21346	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942578	external
	https://www.cve.org/CVERecord?id=CVE-2021-21346	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21346	external
	https://access.redhat.com/security/cve/CVE-2021-21347	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942629	external
	https://www.cve.org/CVERecord?id=CVE-2021-21347	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21347	external
	https://access.redhat.com/security/cve/CVE-2021-21348	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942633	external
	https://www.cve.org/CVERecord?id=CVE-2021-21348	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21348	external
	https://access.redhat.com/security/cve/CVE-2021-21349	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942635	external
	https://www.cve.org/CVERecord?id=CVE-2021-21349	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21349	external
	https://access.redhat.com/security/cve/CVE-2021-21350	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942637	external
	https://www.cve.org/CVERecord?id=CVE-2021-21350	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21350	external
	https://access.redhat.com/security/cve/CVE-2021-21351	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1942642	external
	https://www.cve.org/CVERecord?id=CVE-2021-21351	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21351	external
	https://access.redhat.com/security/cve/CVE-2021-21409	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://www.cve.org/CVERecord?id=CVE-2021-21409	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21409	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-22118	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1974854	external
	https://www.cve.org/CVERecord?id=CVE-2021-22118	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-22118	external
	https://github.com/spring-projects/spring-framewo…	external
	https://tanzu.vmware.com/security/cve-2021-22118	external
	https://access.redhat.com/security/cve/CVE-2021-22696	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1946341	external
	https://www.cve.org/CVERecord?id=CVE-2021-22696	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-22696	external
	https://cxf.apache.org/security-advisories.data/C…	external
	https://access.redhat.com/security/cve/CVE-2021-23926	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1922102	external
	https://www.cve.org/CVERecord?id=CVE-2021-23926	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-23926	external
	https://access.redhat.com/security/cve/CVE-2021-27568	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1939839	external
	https://www.cve.org/CVERecord?id=CVE-2021-27568	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-27568	external
	https://access.redhat.com/security/cve/CVE-2021-28163	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1945710	external
	https://www.cve.org/CVERecord?id=CVE-2021-28163	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-28163	external
	https://github.com/eclipse/jetty.project/security…	external
	https://access.redhat.com/security/cve/CVE-2021-28164	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1945712	external
	https://www.cve.org/CVERecord?id=CVE-2021-28164	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-28164	external
	https://github.com/eclipse/jetty.project/security…	external
	https://access.redhat.com/security/cve/CVE-2021-28169	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1971016	external
	https://www.cve.org/CVERecord?id=CVE-2021-28169	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-28169	external
	https://access.redhat.com/security/cve/CVE-2021-28170	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1965497	external
	https://www.cve.org/CVERecord?id=CVE-2021-28170	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-28170	external
	https://securitylab.github.com/advisories/GHSL-20…	external
	https://access.redhat.com/security/cve/CVE-2021-29425	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1948752	external
	https://www.cve.org/CVERecord?id=CVE-2021-29425	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-29425	external
	https://access.redhat.com/security/cve/CVE-2021-30129	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1981527	external
	https://www.cve.org/CVERecord?id=CVE-2021-30129	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-30129	external
	https://access.redhat.com/security/cve/CVE-2021-30468	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1973392	external
	https://www.cve.org/CVERecord?id=CVE-2021-30468	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-30468	external
	http://cxf.apache.org/security-advisories.data/CV…	external
	https://access.redhat.com/security/cve/CVE-2021-34428	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1974891	external
	https://www.cve.org/CVERecord?id=CVE-2021-34428	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-34428	external
	https://github.com/eclipse/jetty.project/security…	external
	https://access.redhat.com/security/cve/CVE-2021-37136	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://www.cve.org/CVERecord?id=CVE-2021-37136	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37136	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37137	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://www.cve.org/CVERecord?id=CVE-2021-37137	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37137	external
	https://access.redhat.com/security/cve/CVE-2021-37714	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1995259	external
	https://www.cve.org/CVERecord?id=CVE-2021-37714	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37714	external
	https://github.com/jhy/jsoup/security/advisories/…	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

Damian Bury

Ivan Bodrov

Red Hat Marc Nuri

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A minor version update (from 7.9 to 7.10) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n*  log4j-core (CVE-2020-9488, CVE-2021-44228)\n\n*  nodejs-lodash (CVE-2019-10744)\n\n*  libthrift (CVE-2020-13949)\n\n*  xstream (CVE-2020-26217, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351)\n\n*  undertow (CVE-2020-27782, CVE-2021-3597, CVE-2021-3629, CVE-2021-3690)\n\n*  xmlbeans (CVE-2021-23926)\n\n*  batik (CVE-2020-11987)\n\n*  xmlgraphics-commons (CVE-2020-11988)\n\n*  tomcat (CVE-2020-13943)\n\n*  bouncycastle (CVE-2020-15522, CVE-2020-15522)\n\n*  groovy (CVE-2020-17521)\n\n*  tomcat (CVE-2020-17527)\n\n*  jetty (CVE-2020-27218, CVE-2020-27223, CVE-2021-28163, CVE-2021-28164, CVE-2021-28169, CVE-2021-34428)\n\n*  jackson-dataformat-cbor (CVE-2020-28491)\n\n*  jboss-remoting (CVE-2020-35510)\n\n*  kubernetes-client (CVE-2021-20218)\n\n*  netty (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)\n\n*  spring-web (CVE-2021-22118)\n\n*  cxf-core (CVE-2021-22696)\n\n*  json-smart (CVE-2021-27568)\n\n*  jakarta.el (CVE-2021-28170)\n\n*  commons-io (CVE-2021-29425)\n\n*  sshd-core (CVE-2021-30129)\n\n*  cxf-rt-rs-json-basic (CVE-2021-30468)\n\n*  netty-codec (CVE-2021-37136, CVE-2021-37137)\n\n*  jsoup (CVE-2021-37714)\n\n*  poi (CVE-2019-12415)\n\n*  mysql-connector-java (CVE-2020-2875, CVE-2020-2934)\n\n*  wildfly (CVE-2021-3536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5134",
        "url": "https://access.redhat.com/errata/RHSA-2021:5134"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.10.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.10.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "1739497",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739497"
      },
      {
        "category": "external",
        "summary": "1802531",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802531"
      },
      {
        "category": "external",
        "summary": "1831139",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139"
      },
      {
        "category": "external",
        "summary": "1851014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
      },
      {
        "category": "external",
        "summary": "1851019",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
      },
      {
        "category": "external",
        "summary": "1887648",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887648"
      },
      {
        "category": "external",
        "summary": "1898907",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898907"
      },
      {
        "category": "external",
        "summary": "1901304",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304"
      },
      {
        "category": "external",
        "summary": "1902826",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902826"
      },
      {
        "category": "external",
        "summary": "1904221",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904221"
      },
      {
        "category": "external",
        "summary": "1905796",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796"
      },
      {
        "category": "external",
        "summary": "1908837",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908837"
      },
      {
        "category": "external",
        "summary": "1922102",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922102"
      },
      {
        "category": "external",
        "summary": "1922123",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922123"
      },
      {
        "category": "external",
        "summary": "1923405",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923405"
      },
      {
        "category": "external",
        "summary": "1927028",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
      },
      {
        "category": "external",
        "summary": "1928172",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
      },
      {
        "category": "external",
        "summary": "1930423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
      },
      {
        "category": "external",
        "summary": "1933808",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933808"
      },
      {
        "category": "external",
        "summary": "1933816",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933816"
      },
      {
        "category": "external",
        "summary": "1934116",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"
      },
      {
        "category": "external",
        "summary": "1937364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
      },
      {
        "category": "external",
        "summary": "1939839",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939839"
      },
      {
        "category": "external",
        "summary": "1942539",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942539"
      },
      {
        "category": "external",
        "summary": "1942545",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942545"
      },
      {
        "category": "external",
        "summary": "1942550",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942550"
      },
      {
        "category": "external",
        "summary": "1942554",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554"
      },
      {
        "category": "external",
        "summary": "1942558",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558"
      },
      {
        "category": "external",
        "summary": "1942578",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578"
      },
      {
        "category": "external",
        "summary": "1942629",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629"
      },
      {
        "category": "external",
        "summary": "1942633",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942633"
      },
      {
        "category": "external",
        "summary": "1942635",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942635"
      },
      {
        "category": "external",
        "summary": "1942637",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637"
      },
      {
        "category": "external",
        "summary": "1942642",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942642"
      },
      {
        "category": "external",
        "summary": "1944888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
      },
      {
        "category": "external",
        "summary": "1945710",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
      },
      {
        "category": "external",
        "summary": "1945712",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945712"
      },
      {
        "category": "external",
        "summary": "1946341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946341"
      },
      {
        "category": "external",
        "summary": "1948001",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
      },
      {
        "category": "external",
        "summary": "1948752",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
      },
      {
        "category": "external",
        "summary": "1962879",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962879"
      },
      {
        "category": "external",
        "summary": "1965497",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965497"
      },
      {
        "category": "external",
        "summary": "1970930",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930"
      },
      {
        "category": "external",
        "summary": "1971016",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971016"
      },
      {
        "category": "external",
        "summary": "1973392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973392"
      },
      {
        "category": "external",
        "summary": "1974854",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974854"
      },
      {
        "category": "external",
        "summary": "1974891",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974891"
      },
      {
        "category": "external",
        "summary": "1977362",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362"
      },
      {
        "category": "external",
        "summary": "1981527",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
      },
      {
        "category": "external",
        "summary": "1991299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
      },
      {
        "category": "external",
        "summary": "1995259",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
      },
      {
        "category": "external",
        "summary": "2004133",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
      },
      {
        "category": "external",
        "summary": "2004135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5134.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update",
    "tracking": {
      "current_release_date": "2026-04-02T00:52:35+00:00",
      "generator": {
        "date": "2026-04-02T00:52:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2021:5134",
      "initial_release_date": "2021-12-14T21:31:33+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T21:31:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T21:31:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-02T00:52:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Fuse 7.10",
                "product": {
                  "name": "Red Hat Fuse 7.10",
                  "product_id": "Red Hat Fuse 7.10",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_fuse:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Fuse"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10744",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2019-07-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1739497"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The lodash dependency is included in OpenShift Container Platform (OCP) by Kibana in the aggregated logging stack. Elastic have issued a security advisory (ESA-2019-10) for Kibana for this vulnerability, and in that advisory stated that no exploit vectors had been identified in Kibana. Therefore we rate this issue as moderate for OCP and may fix this issue in a future release.\n\nhttps://www.elastic.co/community/security\n\nThis issue did not affect the versions of rh-nodejs8-nodejs and  rh-nodejs10-nodejs  as shipped with Red Hat Software Collections.\n\nWhilst a vulnerable version of lodash has been included in ServiceMesh, the impact is lowered to Moderate due to the library not being directly accessible increasing the attack complexity and the fact that the attacker would need some existing access - meaning the vulnerability is not crossing a privilege boundary.\n\nRed Hat Quay imports lodash as a runtime dependency of restangular. The restangular function in use by Red Hat Quay do not use lodash to parse user input. This issue therefore rated moderate impact for Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-10744"
        },
        {
          "category": "external",
          "summary": "RHBZ#1739497",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739497"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10744",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10744",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10744"
        }
      ],
      "release_date": "2019-08-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties"
    },
    {
      "cve": "CVE-2019-12415",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2020-02-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1802531"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-12415"
        },
        {
          "category": "external",
          "summary": "RHBZ#1802531",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802531"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12415",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12415"
        }
      ],
      "release_date": "2020-02-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "The vulnerability is in the XSSFExportToXml util; avoid usage of this tool to mitigate the vulnerability.",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem"
    },
    {
      "cve": "CVE-2020-2875",
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1851019"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands in MySQL Connectors and other products.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections.  It can be installed this way:\n~~~\nyum-config-manager --enable rhel-server-rhscl-7-rpms\nyum install rh-mariadb103-mariadb-java-client\n~~~",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2875"
        },
        {
          "category": "external",
          "summary": "RHBZ#1851019",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
    },
    {
      "cve": "CVE-2020-2934",
      "discovery_date": "2020-06-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1851014"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections.  It can be installed this way:\n~~~\n  # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n  # yum install rh-mariadb103-mariadb-java-client\n~~~",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2934"
        },
        {
          "category": "external",
          "summary": "RHBZ#1851014",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2934",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
    },
    {
      "cve": "CVE-2020-9488",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2020-04-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1831139"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j: improper validation of certificate with host mismatch in SMTP appender",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-9488"
        },
        {
          "category": "external",
          "summary": "RHBZ#1831139",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488"
        }
      ],
      "release_date": "2020-04-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "Previous versions can set the system property mail.smtp.ssl.checkserveridentity to true to globally enable hostname verification for SMTPS connections.",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "log4j: improper validation of certificate with host mismatch in SMTP appender"
    },
    {
      "cve": "CVE-2020-11987",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2021-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1933808"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "batik: SSRF due to improper input validation by the NodePickerPanel",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11987"
        },
        {
          "category": "external",
          "summary": "RHBZ#1933808",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933808"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11987"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11987",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11987"
        },
        {
          "category": "external",
          "summary": "https://xmlgraphics.apache.org/security.html",
          "url": "https://xmlgraphics.apache.org/security.html"
        }
      ],
      "release_date": "2021-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "batik: SSRF due to improper input validation by the NodePickerPanel"
    },
    {
      "cve": "CVE-2020-11988",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2021-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1933816"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xmlgraphics-commons: SSRF due to improper input validation by the XMPParser",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw does not affect xmlgraphics-commons as shipped with Red Hat Enterprise Linux 8. It is out of support scope for Red Hat Enterprise Linux 6 and 7. To  learn more about support scope for Red Hat Enterprise Linux, please see https://access.redhat.com/support/policy/updates/errata/ .",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11988"
        },
        {
          "category": "external",
          "summary": "RHBZ#1933816",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933816"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11988"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11988",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11988"
        },
        {
          "category": "external",
          "summary": "https://xmlgraphics.apache.org/security.html",
          "url": "https://xmlgraphics.apache.org/security.html"
        }
      ],
      "release_date": "2021-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "xmlgraphics-commons: SSRF due to improper input validation by the XMPParser"
    },
    {
      "cve": "CVE-2020-13943",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-10-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1887648"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat HTTP/2 Request mix-up",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8\u0027s Identity Management is using an affected version of Tomcat bundled within PKI servlet engine, however HTTP/2 protocol is not supported by this component.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13943"
        },
        {
          "category": "external",
          "summary": "RHBZ#1887648",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887648"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13943",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13943"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13943",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13943"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202010.mbox/%3C2b767c6e-dcb9-5816-bd69-a3bc0771fef3%40apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202010.mbox/%3C2b767c6e-dcb9-5816-bd69-a3bc0771fef3%40apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M8",
          "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M8"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.58",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.58"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.38",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.38"
        }
      ],
      "release_date": "2020-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Apache Tomcat HTTP/2 Request mix-up"
    },
    {
      "cve": "CVE-2020-13949",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-02-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1928172"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libthrift: potential DoS when processing untrusted payloads",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* A vulnerable version of the libthrift library is delivered in listed OpenShift Container Platform (OCP) and OpenShift Jaeger (Jaeger) components, but the vulnerable code is not invoked, therefore these components are affected but with impact Moderate. \n\n* For Red Hat OpenStack, because the fix would require a substantial amount of development and OpenDaylight is deprecated in all future versions (RHOSP10 was in tech preview), no update will be provided at this time for the RHOSP libthrift package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13949"
        },
        {
          "category": "external",
          "summary": "RHBZ#1928172",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949"
        }
      ],
      "release_date": "2021-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libthrift: potential DoS when processing untrusted payloads"
    },
    {
      "cve": "CVE-2020-15522",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962879"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: Timing issue within the EC math library",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-15522"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962879",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962879"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15522",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15522",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15522"
        }
      ],
      "release_date": "2021-05-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: Timing issue within the EC math library"
    },
    {
      "cve": "CVE-2020-17521",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-01-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1922123"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Groovy. Groovy makes use of a method for creating temporary directories which is not suitable for security-sensitive contexts and allows for sensitive information leakage. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "groovy: OS temporary directory leads to information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated as having a security impact of Moderate and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nIn OpenShift Container Platform (OCP) the vulnerable version of groovy is delivered in jenkins package and openshift4/ose-metering-hive container. The vulnerable groovy extension methods are not used directly in these components, therefore the impact by this vulnerability is Low.\n\nAlthough an affected version of groovy is shipped in CodeReady Studio, the vulnerable functionality is not used by default, so the impact of this vulnerability is set to Low.\n\nRed Hat CodeReady WorkSpaces 2.7.0 does not ship groovy so is not affected by this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-17521"
        },
        {
          "category": "external",
          "summary": "RHBZ#1922123",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922123"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-17521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-17521",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17521"
        },
        {
          "category": "external",
          "summary": "https://groovy-lang.org/security.html#CVE-2020-17521",
          "url": "https://groovy-lang.org/security.html#CVE-2020-17521"
        }
      ],
      "release_date": "2020-11-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "Setting the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability for all operating systems and all Groovy versions. Users who cannot easily move to the fixed Groovy versions may wish to consider using the JDK\u2019s Files#createTempDirectory method instead of the Groovy extension methods.",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "groovy: OS temporary directory leads to information disclosure"
    },
    {
      "cve": "CVE-2020-17527",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1904221"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: HTTP/2 request header mix-up",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8\u0027s Identity Management and Certificate System are using a vulnerable version of Tomcat that is bundled into the pki-servlet-engine component. However, HTTP/2 is not enabled in such a configuration, and it is not possible to trigger the flaw in a supported setup. A future update may fix the code.\n\nRed Hat Enterprise Linux 7\u0027s tomcat package, Identity Management, and Certificate System are all not affected by this flaw because HTTP/2 is not supported in the shipped version of tomcat in those packages.\n\ntomcat5 and tomcat6 in Red Hat Enterprise Linux 5 and 6 (respectively) are not affected by this flaw because HTTP/2 is not supported in the shipped versions of those packages.\n\npki-servlet-engine has been obsoleted by Tomcat in Red Hat Enterprise Linux 8.9 and later. Therefore no additional fixes would be made available for the servlet engine.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-17527"
        },
        {
          "category": "external",
          "summary": "RHBZ#1904221",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904221"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-17527",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-17527",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17527"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M10",
          "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M10"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.60",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.60"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40"
        }
      ],
      "release_date": "2020-12-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: HTTP/2 request header mix-up"
    },
    {
      "cve": "CVE-2020-26217",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-11-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1898907"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: remote code execution due to insecure XML deserialization when relying on blocklists",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/  (see SECURITY-383 / CVE-2017-2608)",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26217"
        },
        {
          "category": "external",
          "summary": "RHBZ#1898907",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898907"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26217",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26217"
        }
      ],
      "release_date": "2020-11-16T19:40:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "Depending on the version of XStream used there are various usage patterns that mitigate this flaw, though we would strongly recommend using the allow list approach if at all possible as there are likely more class combinations the deny list approach may not address.\n\nAllow list approach\n```java\nXStream xstream = new XStream();\nXStream.setupDefaultSecurity(xstream);\nxstream.allowTypesByWildcard(new String[] {\"com.misc.classname\"})\n```\n\nDeny list for XStream 1.4.13\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\n```\n\nDeny list for XStream 1.4.7 -\u003e 1.4.12\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\n```\n\nDeny list for versions prior to XStream 1.4.7\n```java\nxstream.registerConverter(new Converter() {\n  public boolean canConvert(Class type) {\n    return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || void.class || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || Proxy.isProxy(type));\n  }\n\n  public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n\n  public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n}, XStream.PRIORITY_LOW);\n```",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: remote code execution due to insecure XML deserialization when relying on blocklists"
    },
    {
      "cve": "CVE-2020-26259",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2020-12-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1908837"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: arbitrary file deletion on the local host when unmarshalling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/  (see SECURITY-383 / CVE-2017-2608)",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26259"
        },
        {
          "category": "external",
          "summary": "RHBZ#1908837",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908837"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26259",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26259",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26259"
        }
      ],
      "release_date": "2020-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n  public boolean canConvert(Class type) {\n    return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n        || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n        || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n        || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n  }\n\n  public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n\n  public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n}, XStream.PRIORITY_LOW);",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: arbitrary file deletion on the local host when unmarshalling"
    },
    {
      "cve": "CVE-2020-27218",
      "cwe": {
        "id": "CWE-226",
        "name": "Sensitive Information in Resource Not Removed Before Reuse"
      },
      "discovery_date": "2020-11-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1902826"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: buffer not correctly recycled in Gzip Request inflation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27218"
        },
        {
          "category": "external",
          "summary": "RHBZ#1902826",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902826"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8"
        }
      ],
      "release_date": "2020-11-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: buffer not correctly recycled in Gzip Request inflation"
    },
    {
      "cve": "CVE-2020-27223",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-02-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934116"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27223"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934116",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27223",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"
        }
      ],
      "release_date": "2021-02-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS"
    },
    {
      "cve": "CVE-2020-27782",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-11-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1901304"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: special character in query results in server errors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27782"
        },
        {
          "category": "external",
          "summary": "RHBZ#1901304",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27782",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27782"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782"
        }
      ],
      "release_date": "2021-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "The issue can be mitigated by using HTTP/1.1 instead of AJP to proxy to the back-end.",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "undertow: special character in query results in server errors"
    },
    {
      "cve": "CVE-2020-28491",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-02-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1930423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "RHBZ#1930423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
          "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
        }
      ],
      "release_date": "2021-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception"
    },
    {
      "cve": "CVE-2020-35510",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-12-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1905796"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35510"
        },
        {
          "category": "external",
          "summary": "RHBZ#1905796",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35510"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510"
        }
      ],
      "release_date": "2020-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Bury"
          ]
        }
      ],
      "cve": "CVE-2021-3536",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1948001"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: XSS via admin console when creating roles in domain mode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw does not affect Red Hat CodeReady Studio 12 because it uses the Wildfly client only. The domain mode is not used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3536"
        },
        {
          "category": "external",
          "summary": "RHBZ#1948001",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3536"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536"
        }
      ],
      "release_date": "2021-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "wildfly: XSS via admin console when creating roles in domain mode"
    },
    {
      "cve": "CVE-2021-3597",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2021-02-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1970930"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3597"
        },
        {
          "category": "external",
          "summary": "RHBZ#1970930",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3597"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597"
        }
      ],
      "release_date": "2021-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS"
    },
    {
      "cve": "CVE-2021-3629",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1977362"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3629"
        },
        {
          "category": "external",
          "summary": "RHBZ#1977362",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629"
        }
      ],
      "release_date": "2021-03-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS"
    },
    {
      "cve": "CVE-2021-3690",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2021-08-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1991299"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: buffer leak on incoming websocket PONG message may lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although Red Hat OpenStack Platform packages the vulnerable code in Opendaylight, it does not use or support the undertow-encapsulating features. The security impact for RHOSP is therefore rated as Low and no update will be provided at this time.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3690"
        },
        {
          "category": "external",
          "summary": "RHBZ#1991299",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690"
        }
      ],
      "release_date": "2021-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: buffer leak on incoming websocket PONG message may lead to DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ivan Bodrov"
          ]
        },
        {
          "names": [
            "Marc Nuri"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2021-20218",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-02-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1923405"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform 4 (OCP) there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and maybe fixed in a future update.\n\nRed Hat CodeReady WorkSpaces 2.7.0 does not ship fabric8-kubernetes-client and is therefore not affected by this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-20218"
        },
        {
          "category": "external",
          "summary": "RHBZ#1923405",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923405"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-20218"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20218",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20218"
        },
        {
          "category": "external",
          "summary": "https://github.com/fabric8io/kubernetes-client/issues/2715",
          "url": "https://github.com/fabric8io/kubernetes-client/issues/2715"
        }
      ],
      "release_date": "2021-01-12T04:35:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise"
    },
    {
      "cve": "CVE-2021-21290",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-02-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1927028"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty\u0027s multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Information disclosure via the local system temporary directory",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21290"
        },
        {
          "category": "external",
          "summary": "RHBZ#1927028",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290"
        }
      ],
      "release_date": "2021-02-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Information disclosure via the local system temporary directory"
    },
    {
      "cve": "CVE-2021-21295",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-03-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1937364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: possible request smuggling in HTTP/2 due missing validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21295"
        },
        {
          "category": "external",
          "summary": "RHBZ#1937364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21295",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
        }
      ],
      "release_date": "2021-03-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: possible request smuggling in HTTP/2 due missing validation"
    },
    {
      "cve": "CVE-2021-21341",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942539"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21341"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942539",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942539"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21341",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21341",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21341"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream"
    },
    {
      "cve": "CVE-2021-21342",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942545"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: SSRF via crafted input stream",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21342"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942545",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942545"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21342",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21342",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21342"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: SSRF via crafted input stream"
    },
    {
      "cve": "CVE-2021-21343",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942550"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: arbitrary file deletion on the local host via crafted input stream",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21343"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942550",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942550"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21343",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21343",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21343"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: arbitrary file deletion on the local host via crafted input stream"
    },
    {
      "cve": "CVE-2021-21344",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942554"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21344"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942554",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21344",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet"
    },
    {
      "cve": "CVE-2021-21345",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942558"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream. A remote attacker, who has sufficient rights, can execute commands of the host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21345"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942558",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21345",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry"
    },
    {
      "cve": "CVE-2021-21346",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942578"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream. A remote attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21346"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942578",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21346",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue"
    },
    {
      "cve": "CVE-2021-21347",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942629"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21347"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942629",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21347",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator"
    },
    {
      "cve": "CVE-2021-21348",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942633"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: ReDoS vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21348"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942633",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942633"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21348",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21348",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21348"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: ReDoS vulnerability"
    },
    {
      "cve": "CVE-2021-21349",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942635"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21349"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942635",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942635"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21349"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host"
    },
    {
      "cve": "CVE-2021-21350",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942637"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21350"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942637",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader"
    },
    {
      "cve": "CVE-2021-21351",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942642"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21351"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942642",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942642"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21351",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21351"
        }
      ],
      "release_date": "2021-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream"
    },
    {
      "cve": "CVE-2021-21409",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-03-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1944888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Request smuggling via content-length header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "RHBZ#1944888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
        }
      ],
      "release_date": "2021-03-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Request smuggling via content-length header"
    },
    {
      "cve": "CVE-2021-22118",
      "cwe": {
        "id": "CWE-281",
        "name": "Improper Preservation of Permissions"
      },
      "discovery_date": "2021-06-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1974854"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "spring-web: (re)creating the temporary storage directory could result in  a privilege escalation within WebFlux application",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP) the jenkins package bundles the vulnerable version of spring-framework, but as Jenkins is not a type of WebFlux application is not impacted by this vulnerability. Therefore the OCP components have been marked as affected/wontfix. This may be fixed in a future release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-22118"
        },
        {
          "category": "external",
          "summary": "RHBZ#1974854",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974854"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22118",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22118"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22118",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22118"
        },
        {
          "category": "external",
          "summary": "https://github.com/spring-projects/spring-framework/issues/26931",
          "url": "https://github.com/spring-projects/spring-framework/issues/26931"
        },
        {
          "category": "external",
          "summary": "https://tanzu.vmware.com/security/cve-2021-22118",
          "url": "https://tanzu.vmware.com/security/cve-2021-22118"
        }
      ],
      "release_date": "2021-05-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "spring-web: (re)creating the temporary storage directory could result in  a privilege escalation within WebFlux application"
    },
    {
      "cve": "CVE-2021-22696",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1946341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter. CXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cxf: OAuth 2 authorization service vulnerable to DDos attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-22696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1946341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22696"
        },
        {
          "category": "external",
          "summary": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc",
          "url": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc"
        }
      ],
      "release_date": "2021-04-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cxf: OAuth 2 authorization service vulnerable to DDos attacks"
    },
    {
      "cve": "CVE-2021-23926",
      "cwe": {
        "id": "CWE-776",
        "name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
      },
      "discovery_date": "2021-01-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1922102"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found when parsing XML files using XMLBeans 2.6.0 or below. The underlying parser created by XMLBeans could be susceptible to XML External Entity (XXE) attacks. The highest threat from this vulnerability is to confidentiality and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23926"
        },
        {
          "category": "external",
          "summary": "RHBZ#1922102",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922102"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23926",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23926",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23926"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "Affected users are advised to update to Apache XMLBeans 3.0.0 or above, which fixes this vulnerability.",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack"
    },
    {
      "cve": "CVE-2021-27568",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-03-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1939839"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability.\r\n\r\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of json-smart package.\r\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\r\nThis may be fixed in the future.\r\n\r\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json-smart: uncaught exception may lead to crash or information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27568"
        },
        {
          "category": "external",
          "summary": "RHBZ#1939839",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939839"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27568",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27568",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27568"
        }
      ],
      "release_date": "2021-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "json-smart: uncaught exception may lead to crash or information disclosure"
    },
    {
      "cve": "CVE-2021-28163",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-04-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1945710"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: Symlink directory exposes webapp directory contents",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-28163"
        },
        {
          "category": "external",
          "summary": "RHBZ#1945710",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
        }
      ],
      "release_date": "2021-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: Symlink directory exposes webapp directory contents"
    },
    {
      "cve": "CVE-2021-28164",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-04-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1945712"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: Ambiguous paths can access WEB-INF",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-28164"
        },
        {
          "category": "external",
          "summary": "RHBZ#1945712",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945712"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
        }
      ],
      "release_date": "2021-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: Ambiguous paths can access WEB-INF"
    },
    {
      "cve": "CVE-2021-28169",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-06-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1971016"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this flaw because it does not ship the vulnerable components (ConcatServlet or WelcomeFilter) of jetty.\n\nRed Hat Enterprise Linux 8 is not affected by this flaw because it does not ship the vulnerable components (ConcatServlet or WelcomeFilter) of jetty.\n\nRed Hat Enterprise Linux 7 ships the vulnerable component of jetty, but only in the optional repository and thus this flaw is out of support scope for Red Hat Enterprise Linux 7.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-28169"
        },
        {
          "category": "external",
          "summary": "RHBZ#1971016",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971016"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28169",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28169",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28169"
        }
      ],
      "release_date": "2021-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory"
    },
    {
      "cve": "CVE-2021-28170",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-05-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1965497"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-28170"
        },
        {
          "category": "external",
          "summary": "RHBZ#1965497",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965497"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28170",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28170"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28170",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28170"
        },
        {
          "category": "external",
          "summary": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/",
          "url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"
        }
      ],
      "release_date": "2021-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate"
    },
    {
      "cve": "CVE-2021-29425",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-04-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1948752"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While the apache-commons-io package included in Red Hat Enterprise Linux 8 Maven App Stream contains the vulnerable code, it is not used in any way by Maven or other packages in this module.  This package is not an API component of Maven, thus the affected code can not be reached in any supported scenario.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-29425"
        },
        {
          "category": "external",
          "summary": "RHBZ#1948752",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
        }
      ],
      "release_date": "2021-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6"
    },
    {
      "cve": "CVE-2021-30129",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1981527"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-30129"
        },
        {
          "category": "external",
          "summary": "RHBZ#1981527",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-30129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129"
        }
      ],
      "release_date": "2021-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server"
    },
    {
      "cve": "CVE-2021-30468",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2021-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1973392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP) the openshift4/ose-logging-elasticsearch6 container bundles  the vulnerable version of apache-cxf, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Starting in 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container) and is not affected by this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-30468"
        },
        {
          "category": "external",
          "summary": "RHBZ#1973392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-30468",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30468",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30468"
        },
        {
          "category": "external",
          "summary": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc?version=1\u0026modificationDate=1623835369690\u0026api=v2",
          "url": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc?version=1\u0026modificationDate=1623835369690\u0026api=v2"
        }
      ],
      "release_date": "2021-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter"
    },
    {
      "cve": "CVE-2021-34428",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "discovery_date": "2021-06-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1974891"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being invalidated and a shared-computer application being left logged in. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: SessionListener can prevent a session from being invalidated breaking logout",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty. Since the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix. This may be fixed in the future.\n\nOCP 3.11 is out of the support scope for Moderate and Low impact vulnerabilities because is already in the Maintenance Support phase, hence the affected OCP 3.11 component has been marked as wontifx.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-34428"
        },
        {
          "category": "external",
          "summary": "RHBZ#1974891",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974891"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34428",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34428"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6"
        }
      ],
      "release_date": "2021-06-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "Applications should catch all Throwables within their SessionListener#sessionDestroyed() implementations.",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jetty: SessionListener can prevent a session from being invalidated breaking logout"
    },
    {
      "cve": "CVE-2021-37136",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
    },
    {
      "cve": "CVE-2021-37137",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004135"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004135",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
    },
    {
      "cve": "CVE-2021-37714",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-08-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1995259"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37714"
        },
        {
          "category": "external",
          "summary": "RHBZ#1995259",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714"
        },
        {
          "category": "external",
          "summary": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c",
          "url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
        }
      ],
      "release_date": "2021-08-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck"
    },
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:31:33+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5134"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.10"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    }
  ]
}

RHSA-2021:5127

Vulnerability from csaf_redhat - Published: 2021-12-14 18:38 - Updated: 2026-04-01 18:52

Summary

Red Hat Security Advisory: Openshift Logging security and bug update (5.2.4)

Severity

Moderate

Notes

Topic: An update is now available for OpenShift Logging 5.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Openshift Logging Security and Bug Fix Release (5.2.4) Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * netty: Request smuggling via content-length header (CVE-2021-21409) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-21409

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

CVE-2021-37137

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5127

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5127	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://issues.redhat.com/browse/LOG-1775	external
	https://issues.redhat.com/browse/LOG-1824	external
	https://issues.redhat.com/browse/LOG-1963	external
	https://issues.redhat.com/browse/LOG-1970	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-21409	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://www.cve.org/CVERecord?id=CVE-2021-21409	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21409	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37136	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://www.cve.org/CVERecord?id=CVE-2021-37136	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37136	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37137	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://www.cve.org/CVERecord?id=CVE-2021-37137	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37137	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for OpenShift Logging 5.2.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Openshift Logging Security and Bug Fix Release (5.2.4)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5127",
        "url": "https://access.redhat.com/errata/RHSA-2021:5127"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "1944888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
      },
      {
        "category": "external",
        "summary": "2004133",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
      },
      {
        "category": "external",
        "summary": "2004135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "external",
        "summary": "LOG-1775",
        "url": "https://issues.redhat.com/browse/LOG-1775"
      },
      {
        "category": "external",
        "summary": "LOG-1824",
        "url": "https://issues.redhat.com/browse/LOG-1824"
      },
      {
        "category": "external",
        "summary": "LOG-1963",
        "url": "https://issues.redhat.com/browse/LOG-1963"
      },
      {
        "category": "external",
        "summary": "LOG-1970",
        "url": "https://issues.redhat.com/browse/LOG-1970"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5127.json"
      }
    ],
    "title": "Red Hat Security Advisory: Openshift Logging security and bug update (5.2.4)",
    "tracking": {
      "current_release_date": "2026-04-01T18:52:52+00:00",
      "generator": {
        "date": "2026-04-01T18:52:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2021:5127",
      "initial_release_date": "2021-12-14T18:38:45+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T18:38:45+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T18:38:45+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T18:52:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.2",
                "product": {
                  "name": "OpenShift Logging 5.2",
                  "product_id": "8Base-OSE-LOGGING-5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-47"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-71"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-74"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-47"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-71"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-74"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.2.4-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.4-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.2.4-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-47"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-71"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-74"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64 as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le as a component of OpenShift Logging 5.2",
          "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-21409",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-03-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1944888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Request smuggling via content-length header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "RHBZ#1944888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
        }
      ],
      "release_date": "2021-03-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Request smuggling via content-length header"
    },
    {
      "cve": "CVE-2021-37136",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
    },
    {
      "cve": "CVE-2021-37137",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004135"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004135",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
    },
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-917",
        "name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
          "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:38:45+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5127"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:0f2ab3b589e2945e2aae7a6d520f1b696c8a95292580c24b659a1579e3c857f6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:82cbec57284b21e914fad6fe3ea8244932a735da4aca2a9c74ced7689767c0b2_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:be71a022fe66b9dca3aecf7df3b9fd81e42f7f46f039ce1ae8778dcc332162e1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:e99648fe21236aef69ca9f2def30fc4970983d8835f55fbfe8d5c804ebd0e9b6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:9dcc85f510f69be9e97888d5ad32629bc23554c47d8ebe397932933b289a35c2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:7fdb8b62f8fb7d1469dba362fb1d91239b31437b0be150732845a6e9eb325ef6_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:887c26a6c4356b64c9802fb3b870f79eb98a8f0f2ad1b2bbebd086c936c68fe5_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:8d8f0cc525b00a39583ba6cdd87253c17487a9366f5fa0d6011d23e5814fd95d_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:5ee8c4ba3f91bcbb3cfa0eb2b91d3f5b04450fa2f0415e46b40b634b280e54c7_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d8ce76443afdf4361842c2f6da80d939b2bb86081076d41e5bcb1b9858380c43_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:ef2c1f7249a377b940bbdd2d52e2ab53ed6283f4e4d1290da6bb3edbb2109294_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:33f40783cb6ac656b56a6c64208f38ef17ab8023171321551be2cd14876a1418_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42152d9ca72d1d7d9e24386f8144382b1c4309e11b179ad18206efa7758d07c6_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:c8a03e59904b96bac438e2607094dff1e652c7c42ddbba31006f7760cf17b9d8_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:0796e6b8d8da736d5841d9ddeb076fdc1ca26022643f0e370bfda023f212df39_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b565f6ce66b74161a0b6dc19246b42754db2c54a01e7f2314994544ccd514f34_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce98ee3a74cbabe1a5eb4d2c647389824b1a3ffe7d2051668a1aac9fe1ec2dc7_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0e10ff493ad914b7011291590e497c27cca51a587d28e9d2bd1bc89154c2b133_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:685d7f18502ac2a24a37cdb9ae74616098d3843f80e9d9f0e8dd27930ca174a9_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:7dd06969de6e2d0345fb6595c24526e184030a1d2c50ffae0d201f0bfd33abb4_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:a2d914120d489c00d8d8c40cf9f1fa1ba627c5e386fc113ae9299113dee253ca_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d5c47750ae81e99b3cc4f9f71127cb394b69b747177c08c53768df8b8b52ba65_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:d7fa8453d07409cd344cde67e772fb4d2941398b853ce1ea3bcaf6135d5645c1_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:67e23735a1005bb7f06d3f05677bfe8c38bccc5bfc1cc4cf16832ddeda29931a_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:9c2decd7838d0e1a56c27ff7fa8af82ed2ac33d0618240b80d26fd932f5804f2_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:cb884b83fecaa7d6f4aae548fd299568edf59feb5d752704dcd4598b1f826ff1_ppc64le",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1982a509b8a209720b92fba4812a3fcc5ce0e519908cdec876beb92f895699fa_amd64",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:66e46f68e5313e4f58cfd3b6fccb8edeb97a574210bff799d0bd5471b73f9f62_s390x",
            "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:d3b3ab31d012a82acb832e705f1a5ba60912d1b32dd035fad9106f1088de35a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2021_5129

Vulnerability from csaf_redhat - Published: 2021-12-14 19:37 - Updated: 2024-12-17 23:59

Summary

Red Hat Security Advisory: Openshift Logging security and bug update (5.3.1)

Severity

Moderate

Notes

Topic: An update is now available for OpenShift Logging 5.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Openshift Logging Security and Bug Fix Release (5.3.1) Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * netty: Request smuggling via content-length header (CVE-2021-21409) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-21409

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

CVE-2021-37137

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5129	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://issues.redhat.com/browse/LOG-1897	external
	https://issues.redhat.com/browse/LOG-1925	external
	https://issues.redhat.com/browse/LOG-1962	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-21409	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://www.cve.org/CVERecord?id=CVE-2021-21409	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21409	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37136	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://www.cve.org/CVERecord?id=CVE-2021-37136	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37136	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37137	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://www.cve.org/CVERecord?id=CVE-2021-37137	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37137	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for OpenShift Logging 5.3.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Openshift Logging Security and Bug Fix Release (5.3.1)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5129",
        "url": "https://access.redhat.com/errata/RHSA-2021:5129"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "1944888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
      },
      {
        "category": "external",
        "summary": "2004133",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
      },
      {
        "category": "external",
        "summary": "2004135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "external",
        "summary": "LOG-1897",
        "url": "https://issues.redhat.com/browse/LOG-1897"
      },
      {
        "category": "external",
        "summary": "LOG-1925",
        "url": "https://issues.redhat.com/browse/LOG-1925"
      },
      {
        "category": "external",
        "summary": "LOG-1962",
        "url": "https://issues.redhat.com/browse/LOG-1962"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5129.json"
      }
    ],
    "title": "Red Hat Security Advisory: Openshift Logging security and bug update (5.3.1)",
    "tracking": {
      "current_release_date": "2024-12-17T23:59:46+00:00",
      "generator": {
        "date": "2024-12-17T23:59:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:5129",
      "initial_release_date": "2021-12-14T19:37:00+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T19:37:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T19:37:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T23:59:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.3",
                "product": {
                  "name": "OpenShift Logging 5.3",
                  "product_id": "8Base-OSE-LOGGING-5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-43"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-65"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-63"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-73"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-43"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-65"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-63"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-73"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.3.1-12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.3.1-12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-43"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-65"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-63"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-73"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-21409",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-03-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1944888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Request smuggling via content-length header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "RHBZ#1944888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
        }
      ],
      "release_date": "2021-03-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Request smuggling via content-length header"
    },
    {
      "cve": "CVE-2021-37136",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
    },
    {
      "cve": "CVE-2021-37137",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004135"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004135",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
    },
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2021_5130

Vulnerability from csaf_redhat - Published: 2021-12-14 17:55 - Updated: 2024-12-17 23:59

Summary

Red Hat Security Advisory: Red Hat Integration Camel-K 1.6.2 release and security update

Severity

Critical

Notes

Topic: A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat Integration Camel K that includes bug fixes. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2021:5130

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5130	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/jbossnetwork/restricted…	external
	https://access.redhat.com/documentation/en-us/red…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat Integration Camel K that includes bug fixes. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5130",
        "url": "https://access.redhat.com/errata/RHSA-2021:5130"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2021-Q4",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2021-Q4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5130.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Integration Camel-K 1.6.2 release and security update",
    "tracking": {
      "current_release_date": "2024-12-17T23:59:53+00:00",
      "generator": {
        "date": "2024-12-17T23:59:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:5130",
      "initial_release_date": "2021-12-14T17:55:09+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T17:55:09+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T17:55:09+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T23:59:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Integration",
                "product": {
                  "name": "Red Hat Integration",
                  "product_id": "Red Hat Integration",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:integration:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Integration"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Integration"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T17:55:09+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Integration"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5130"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "Red Hat Integration"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Integration"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    }
  ]
}

RHSA-2021:5133

Vulnerability from csaf_redhat - Published: 2021-12-14 21:13 - Updated: 2026-04-01 18:52

Summary

Red Hat Security Advisory: Red Hat AMQ Streams 1.6.5 release and security update

Severity

Critical

Notes

Topic: Red Hat AMQ Streams 1.6.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red Hat AMQ Streams 1.6.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2021:5133

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5133	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/jbossnetwork/restricted…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AMQ Streams 1.6.5 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red Hat AMQ Streams 1.6.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5133",
        "url": "https://access.redhat.com/errata/RHSA-2021:5133"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.6.5",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.6.5"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5133.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AMQ Streams 1.6.5 release and security update",
    "tracking": {
      "current_release_date": "2026-04-01T18:52:54+00:00",
      "generator": {
        "date": "2026-04-01T18:52:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2021:5133",
      "initial_release_date": "2021-12-14T21:13:26+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T21:13:26+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T21:13:26+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T18:52:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AMQ Streams 1.6.5",
                "product": {
                  "name": "Red Hat AMQ Streams 1.6.5",
                  "product_id": "Red Hat AMQ Streams 1.6.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:amq_streams:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss AMQ"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 1.6.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:13:26+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 1.6.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5133"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "Red Hat AMQ Streams 1.6.5"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 1.6.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    }
  ]
}

RHSA-2025:1746

Vulnerability from csaf_redhat - Published: 2025-02-24 00:08 - Updated: 2026-04-01 18:56

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update

Severity

Critical

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [eap-7.1.z] (CVE-2022-41881) * velocity: arbitrary code execution when attacker is able to modify templates [eap-7.1.z] (CVE-2020-13936) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution [eap-7.1.z] (CVE-2020-10673) * jackson-databind: Serialization gadgets in anteros-core [eap-7.1.z] (CVE-2020-9548) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution [eap-7.1.z] (CVE-2020-10672) * wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [eap-7.1.z] (CVE-2021-3717) * jackson-databind: Serialization gadgets in ibatis-sqlmap [eap-7.1.z] (CVE-2020-9547) * log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) [eap-7.1.z] (CVE-2021-45046) * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [eap-7.1.z] (CVE-2021-44228) * jackson-databind: Serialization gadgets in shaded-hikari-config [eap-7.1.z] (CVE-2020-9546) * CXF: Apache CXF: directory listing / code exfiltration [eap-7.1.z] (CVE-2022-46363) * sshd-common: mina-sshd: Java unsafe deserialization vulnerability [eap-7.1.z] (CVE-2022-45047) * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos [eap-7.1.z] (CVE-2022-45693) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS [eap-7.1.z] (CVE-2022-42003) * jackson-databind: use of deeply nested arrays [eap-7.1.z] (CVE-2022-42004) * jackson-databind: Lacks certain xbean-reflect/JNDI blocking [eap-7.1.z] (CVE-2020-8840) * snakeyaml: Constructor Deserialization Remote Code Execution [eap-7.1.z] (CVE-2022-1471) * commons-text: apache-commons-text: variable interpolation RCE [eap-7.1.z] (CVE-2022-42889) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-8840

A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2020-9546

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2020-9547

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2020-9548

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2020-10672

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2020-10673

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2020-13936

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2021-3717

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-552 - Files or Directories Accessible to External Parties

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

CVE-2022-1471

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2022-41881

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2022-42003

A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2022-42004

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2022-42889

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

Workaround This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.

CVE-2022-45047

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

Workaround From the maintainer: For Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of SimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).

CVE-2022-45693

A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

CVE-2022-46363

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Vendor Fix Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2025:1746

References

URL

Category

	https://access.redhat.com/errata/RHSA-2025:1746	self
	https://access.redhat.com/security/updates/classi…	external
	https://docs.redhat.com/en/documentation/red_hat_…	external
	https://docs.redhat.com/en/documentation/red_hat_…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1815470	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1815495	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1816330	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1816332	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1816337	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1816340	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1937440	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1991305	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2135435	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2150009	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2153379	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2155970	external
	https://issues.redhat.com/browse/JBEAP-28583	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2020-8840	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1816330	external
	https://www.cve.org/CVERecord?id=CVE-2020-8840	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-8840	external
	https://access.redhat.com/security/cve/CVE-2020-9546	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1816332	external
	https://www.cve.org/CVERecord?id=CVE-2020-9546	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-9546	external
	https://access.redhat.com/security/cve/CVE-2020-9547	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1816337	external
	https://www.cve.org/CVERecord?id=CVE-2020-9547	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-9547	external
	https://access.redhat.com/security/cve/CVE-2020-9548	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1816340	external
	https://www.cve.org/CVERecord?id=CVE-2020-9548	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-9548	external
	https://access.redhat.com/security/cve/CVE-2020-10672	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1815495	external
	https://www.cve.org/CVERecord?id=CVE-2020-10672	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-10672	external
	https://access.redhat.com/security/cve/CVE-2020-10673	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1815470	external
	https://www.cve.org/CVERecord?id=CVE-2020-10673	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-10673	external
	https://access.redhat.com/security/cve/CVE-2020-13936	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1937440	external
	https://www.cve.org/CVERecord?id=CVE-2020-13936	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-13936	external
	https://access.redhat.com/security/cve/CVE-2021-3717	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1991305	external
	https://www.cve.org/CVERecord?id=CVE-2021-3717	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-3717	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external
	https://access.redhat.com/security/cve/CVE-2022-1471	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2150009	external
	https://www.cve.org/CVERecord?id=CVE-2022-1471	external
	https://nvd.nist.gov/vuln/detail/CVE-2022-1471	external
	https://github.com/google/security-research/secur…	external
	https://access.redhat.com/security/cve/CVE-2022-41881	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2153379	external
	https://www.cve.org/CVERecord?id=CVE-2022-41881	external
	https://nvd.nist.gov/vuln/detail/CVE-2022-41881	external
	https://access.redhat.com/security/cve/CVE-2022-42003	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
	https://www.cve.org/CVERecord?id=CVE-2022-42003	external
	https://nvd.nist.gov/vuln/detail/CVE-2022-42003	external
	https://access.redhat.com/security/cve/CVE-2022-42004	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
	https://www.cve.org/CVERecord?id=CVE-2022-42004	external
	https://nvd.nist.gov/vuln/detail/CVE-2022-42004	external
	https://access.redhat.com/security/cve/CVE-2022-42889	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2135435	external
	https://www.cve.org/CVERecord?id=CVE-2022-42889	external
	https://nvd.nist.gov/vuln/detail/CVE-2022-42889	external
	https://blogs.apache.org/security/entry/cve-2022-42889	external
	https://lists.apache.org/thread/n2bd4vdsgkqh2tm14…	external
	https://seclists.org/oss-sec/2022/q4/22	external
	https://access.redhat.com/security/cve/CVE-2022-45047	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
	https://www.cve.org/CVERecord?id=CVE-2022-45047	external
	https://nvd.nist.gov/vuln/detail/CVE-2022-45047	external
	https://www.mail-archive.com/dev@mina.apache.org/…	external
	https://access.redhat.com/security/cve/CVE-2022-45693	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2155970	external
	https://www.cve.org/CVERecord?id=CVE-2022-45693	external
	https://nvd.nist.gov/vuln/detail/CVE-2022-45693	external
	https://access.redhat.com/security/cve/CVE-2022-46363	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
	https://www.cve.org/CVERecord?id=CVE-2022-46363	external
	https://nvd.nist.gov/vuln/detail/CVE-2022-46363	external
	https://lists.apache.org/thread/pdzo1qgyplf4y523t…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [eap-7.1.z] (CVE-2022-41881)\n\n* velocity: arbitrary code execution when attacker is able to modify templates [eap-7.1.z] (CVE-2020-13936)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution [eap-7.1.z] (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in anteros-core [eap-7.1.z] (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution [eap-7.1.z] (CVE-2020-10672)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [eap-7.1.z] (CVE-2021-3717)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap [eap-7.1.z] (CVE-2020-9547)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) [eap-7.1.z] (CVE-2021-45046)\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [eap-7.1.z] (CVE-2021-44228)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config [eap-7.1.z] (CVE-2020-9546)\n\n* CXF: Apache CXF: directory listing / code exfiltration [eap-7.1.z] (CVE-2022-46363)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability [eap-7.1.z] (CVE-2022-45047)\n\n* jettison:  If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos [eap-7.1.z] (CVE-2022-45693)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS [eap-7.1.z] (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays [eap-7.1.z] (CVE-2022-42004)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking [eap-7.1.z] (CVE-2020-8840)\n\n* snakeyaml: Constructor Deserialization Remote Code Execution [eap-7.1.z] (CVE-2022-1471)\n\n* commons-text: apache-commons-text: variable interpolation RCE [eap-7.1.z] (CVE-2022-42889)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:1746",
        "url": "https://access.redhat.com/errata/RHSA-2025:1746"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "1815470",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
      },
      {
        "category": "external",
        "summary": "1815495",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
      },
      {
        "category": "external",
        "summary": "1816330",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
      },
      {
        "category": "external",
        "summary": "1816332",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
      },
      {
        "category": "external",
        "summary": "1816337",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
      },
      {
        "category": "external",
        "summary": "1816340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
      },
      {
        "category": "external",
        "summary": "1937440",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
      },
      {
        "category": "external",
        "summary": "1991305",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "external",
        "summary": "2032580",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
      },
      {
        "category": "external",
        "summary": "2135244",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
      },
      {
        "category": "external",
        "summary": "2135247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
      },
      {
        "category": "external",
        "summary": "2135435",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
      },
      {
        "category": "external",
        "summary": "2145194",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
      },
      {
        "category": "external",
        "summary": "2150009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
      },
      {
        "category": "external",
        "summary": "2153379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
      },
      {
        "category": "external",
        "summary": "2155681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
      },
      {
        "category": "external",
        "summary": "2155970",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
      },
      {
        "category": "external",
        "summary": "JBEAP-28583",
        "url": "https://issues.redhat.com/browse/JBEAP-28583"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1746.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update",
    "tracking": {
      "current_release_date": "2026-04-01T18:56:21+00:00",
      "generator": {
        "date": "2026-04-01T18:56:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2025:1746",
      "initial_release_date": "2025-02-24T00:08:27+00:00",
      "revision_history": [
        {
          "date": "2025-02-24T00:08:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-02-24T00:08:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T18:56:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-7.1-EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
                "product": {
                  "name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
                  "product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00002.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
                "product": {
                  "name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
                  "product_id": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
                "product": {
                  "name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
                  "product_id": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jettison@1.3.8-2.redhat_00002.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
                  "product_id": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-4.redhat_00003.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
                "product": {
                  "name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
                  "product_id": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-2.SP1_redhat_00002.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
                "product": {
                  "name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
                  "product_id": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-velocity@1.7.0-3.redhat_00006.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
                "product": {
                  "name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
                  "product_id": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.9-2.GA_redhat_00002.1.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
                "product": {
                  "name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
                  "product_id": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
                  "product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00002.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
                  "product_id": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-1.Final_redhat_00002.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
                  "product_id": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jettison@1.3.8-2.redhat_00002.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                  "product_id": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-4.redhat_00003.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-4.redhat_00003.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-4.redhat_00003.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-4.redhat_00003.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
                  "product_id": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-2.SP1_redhat_00002.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
                  "product_id": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-velocity@1.7.0-3.redhat_00006.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
                  "product_id": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.9-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.9-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                "product": {
                  "name": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_id": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src"
        },
        "product_reference": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src"
        },
        "product_reference": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src"
        },
        "product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src"
        },
        "product_reference": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src"
        },
        "product_reference": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
        },
        "product_reference": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src"
        },
        "product_reference": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8840",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-03-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1816330"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8840"
        },
        {
          "category": "external",
          "summary": "RHBZ#1816330",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
        }
      ],
      "release_date": "2020-03-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
    },
    {
      "cve": "CVE-2020-9546",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-03-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1816332"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-9546"
        },
        {
          "category": "external",
          "summary": "RHBZ#1816332",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
        }
      ],
      "release_date": "2020-03-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
    },
    {
      "cve": "CVE-2020-9547",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-03-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1816337"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-9547"
        },
        {
          "category": "external",
          "summary": "RHBZ#1816337",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
        }
      ],
      "release_date": "2020-03-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
    },
    {
      "cve": "CVE-2020-9548",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-03-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1816340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: Serialization gadgets in anteros-core",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-9548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1816340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
        }
      ],
      "release_date": "2020-03-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jackson-databind: Serialization gadgets in anteros-core"
    },
    {
      "cve": "CVE-2020-10672",
      "cwe": {
        "id": "CWE-96",
        "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
      },
      "discovery_date": "2020-03-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1815495"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10672"
        },
        {
          "category": "external",
          "summary": "RHBZ#1815495",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
        }
      ],
      "release_date": "2020-03-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
    },
    {
      "cve": "CVE-2020-10673",
      "cwe": {
        "id": "CWE-96",
        "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
      },
      "discovery_date": "2020-03-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1815470"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10673"
        },
        {
          "category": "external",
          "summary": "RHBZ#1815470",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
        }
      ],
      "release_date": "2020-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
    },
    {
      "cve": "CVE-2020-13936",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2021-03-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1937440"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "velocity: arbitrary code execution when attacker is able to modify templates",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component which is an enterprise-only feature of Elasticsearch - hence it has been marked as wontfix as this time and may be fixed in a future release. Additionally the hive container only references velocity in the testutils of the code but the code still exists in the container, as such it has been given a Moderate impact.\n\n* Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.\n\n* Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.\n\n* Although velocity shipped in Red Hat Enterprise Linux 8\u0027s pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13936"
        },
        {
          "category": "external",
          "summary": "RHBZ#1937440",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936"
        }
      ],
      "release_date": "2021-03-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "velocity: arbitrary code execution when attacker is able to modify templates"
    },
    {
      "cve": "CVE-2021-3717",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2021-07-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1991305"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3717"
        },
        {
          "category": "external",
          "summary": "RHBZ#1991305",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717"
        }
      ],
      "release_date": "2021-08-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users"
    },
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-917",
        "name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    },
    {
      "cve": "CVE-2022-1471",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-12-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2150009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "RHBZ#2150009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
          "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
        }
      ],
      "release_date": "2022-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
    },
    {
      "cve": "CVE-2022-41881",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2022-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2153379"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2153379",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
        }
      ],
      "release_date": "2022-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
    },
    {
      "cve": "CVE-2022-42003",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135244"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135244",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
    },
    {
      "cve": "CVE-2022-42004",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135247"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: use of deeply nested arrays",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135247",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: use of deeply nested arrays"
    },
    {
      "cve": "CVE-2022-42889",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2022-10-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135435"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9.  The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-commons-text: variable interpolation RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n  - Usage of specific methods that interpolate the variables as described in the flaw\n  - Usage of external input for those methods\n  - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42889"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135435",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
        },
        {
          "category": "external",
          "summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
          "url": "https://blogs.apache.org/security/entry/cve-2022-42889"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
          "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
        },
        {
          "category": "external",
          "summary": "https://seclists.org/oss-sec/2022/q4/22",
          "url": "https://seclists.org/oss-sec/2022/q4/22"
        }
      ],
      "release_date": "2022-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        },
        {
          "category": "workaround",
          "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "apache-commons-text: variable interpolation RCE"
    },
    {
      "cve": "CVE-2022-45047",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2145194"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mina-sshd: Java unsafe deserialization vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "RHBZ#2145194",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
          "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
        }
      ],
      "release_date": "2022-11-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        },
        {
          "category": "workaround",
          "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mina-sshd: Java unsafe deserialization vulnerability"
    },
    {
      "cve": "CVE-2022-45693",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-12-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155970"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45693"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155970",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
    },
    {
      "cve": "CVE-2022-46363",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-12-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155681"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: directory listing / code exfiltration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
          "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155681",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
          "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-24T00:08:27+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
            "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CXF: directory listing / code exfiltration"
    }
  ]
}

RHSA-2021:5138

Vulnerability from csaf_redhat - Published: 2021-12-14 21:49 - Updated: 2026-04-01 18:52

Summary

Red Hat Security Advisory: Red Hat AMQ Streams 1.8.4 release and security update

Severity

Critical

Notes

Topic: Red Hat AMQ Streams 1.8.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.8.4 serves as a replacement for Red Hat AMQ Streams 1.8.0, and includes security and bug fixes, and enhancements. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2021:5138

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5138	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/jbossnetwork/restricted…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AMQ Streams 1.8.4 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.8.4 serves as a replacement for Red Hat AMQ Streams 1.8.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5138",
        "url": "https://access.redhat.com/errata/RHSA-2021:5138"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.8.4",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.8.4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5138.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AMQ Streams 1.8.4 release and security update",
    "tracking": {
      "current_release_date": "2026-04-01T18:52:55+00:00",
      "generator": {
        "date": "2026-04-01T18:52:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2021:5138",
      "initial_release_date": "2021-12-14T21:49:01+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T21:49:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T21:49:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T18:52:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AMQ Streams 1.8.4",
                "product": {
                  "name": "Red Hat AMQ Streams 1.8.4",
                  "product_id": "Red Hat AMQ Streams 1.8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:amq_streams:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss AMQ"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 1.8.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:49:01+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 1.8.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5138"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "Red Hat AMQ Streams 1.8.4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 1.8.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    }
  ]
}

RHSA-2021_5107

Vulnerability from csaf_redhat - Published: 2021-12-16 15:00 - Updated: 2024-12-18 00:00

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.7.40 security update

Severity

Critical

Notes

Topic: Red Hat OpenShift Container Platform release 4.7.40 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) * log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-4104

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html https://access.redhat.com/errata/RHSA-2021:5107

Workaround These are the possible mitigations for this flaw for releases version 1.x: - Comment out or remove JMSAppender in the Log4j configuration if it is used - Remove the JMSAppender class from the classpath. For example: ``` zip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class ``` - Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html https://access.redhat.com/errata/RHSA-2021:5107

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html https://access.redhat.com/errata/RHSA-2021:5107

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5107	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2031667	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-4104	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2031667	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-4104	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-4104	external
	https://github.com/apache/logging-log4j2/pull/608…	external
	https://github.com/apache/logging-log4j2/pull/608…	external
	https://lists.apache.org/thread/0x4zvtq92yggdgvwf…	external
	https://www.openwall.com/lists/oss-security/2021/…	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 4.7.40 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5107",
        "url": "https://access.redhat.com/errata/RHSA-2021:5107"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "external",
        "summary": "2031667",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
      },
      {
        "category": "external",
        "summary": "2032580",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5107.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.40 security update",
    "tracking": {
      "current_release_date": "2024-12-18T00:00:29+00:00",
      "generator": {
        "date": "2024-12-18T00:00:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:5107",
      "initial_release_date": "2021-12-16T15:00:19+00:00",
      "revision_history": [
        {
          "date": "2021-12-16T15:00:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-16T15:00:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-18T00:00:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.7",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.7",
                  "product_id": "8Base-RHOSE-4.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.7::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
                "product": {
                  "name": "openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
                  "product_id": "openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-hadoop\u0026tag=v4.7.0-202112150631.p0.g6046504.assembly.4.7.40"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
                "product": {
                  "name": "openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
                  "product_id": "openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-hive\u0026tag=v4.7.0-202112140553.p0.g091bb99.assembly.stream"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
                "product": {
                  "name": "openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
                  "product_id": "openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator\u0026tag=v4.7.0-202112150631.p0.g3959be4.assembly.4.7.40"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
                "product": {
                  "name": "openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
                  "product_id": "openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator-bundle\u0026tag=v4.7.0.202112150631.p0.g3959be4.assembly.4.7.40-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64",
                "product": {
                  "name": "openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64",
                  "product_id": "openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-presto\u0026tag=v4.7.0-202112150631.p0.gd502108.assembly.4.7.40"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64"
        },
        "product_reference": "openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64"
        },
        "product_reference": "openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64"
        },
        "product_reference": "openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64"
        },
        "product_reference": "openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
        },
        "product_reference": "openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-4104",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2031667"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
          "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
          "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
          "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-4104"
        },
        {
          "category": "external",
          "summary": "RHBZ#2031667",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126",
          "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301",
          "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx",
          "url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/13/1"
        }
      ],
      "release_date": "2021-12-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T15:00:19+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
          "product_ids": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5107"
        },
        {
          "category": "workaround",
          "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.",
          "product_ids": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender"
    },
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
          "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
          "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
          "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T15:00:19+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
          "product_ids": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5107"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
          "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
          "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
          "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T15:00:19+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
          "product_ids": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5107"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator-bundle@sha256:665d34bc3e69cda3c37699051cfee983cf14f6d5f67d56d949652230937dcc90_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:5a2aa59c1c7a1423ec5fa39eabfc0dfa41cea0db82c9fc1f5c2ce9923ee792f4_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop@sha256:03a4dd392453720b3950efa522682f5d07938c4d36e4269658c5a555afa403e7_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-hive@sha256:3ae0917ca765603722b54a392bc5f1edc6c41b6c7d4c5eca95ed99c1d8af3d1c_amd64",
            "8Base-RHOSE-4.7:openshift4/ose-metering-presto@sha256:795baa6f38910a8c35d179b8449cd8df3ad7644b9a0a13dad8407519902037e9_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2021:5108

Vulnerability from csaf_redhat - Published: 2021-12-14 15:09 - Updated: 2026-04-01 18:52

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.8.z security update

Severity

Critical

Notes

Topic: Red Hat OpenShift Container Platform release 4.8.z is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html https://access.redhat.com/errata/RHSA-2021:5108

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html https://access.redhat.com/errata/RHSA-2021:5108

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5108	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 4.8.z is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5108",
        "url": "https://access.redhat.com/errata/RHSA-2021:5108"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5108.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.z security update",
    "tracking": {
      "current_release_date": "2026-04-01T18:52:52+00:00",
      "generator": {
        "date": "2026-04-01T18:52:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2021:5108",
      "initial_release_date": "2021-12-14T15:09:31+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T15:09:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T15:09:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T18:52:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.8",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.8",
                  "product_id": "8Base-RHOSE-4.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.8::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64",
                "product": {
                  "name": "openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64",
                  "product_id": "openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-hive\u0026tag=v4.8.0-202112132154.p0.g57dd03a.assembly.stream"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64",
                "product": {
                  "name": "openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64",
                  "product_id": "openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator\u0026tag=v4.8.0-202112132154.p0.g0d7ecfb.assembly.stream"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
                "product": {
                  "name": "openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
                  "product_id": "openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator-bundle\u0026tag=v4.8.0.202112132154.p0.g0d7ecfb.assembly.stream-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64 as a component of Red Hat OpenShift Container Platform 4.8",
          "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64"
        },
        "product_reference": "openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64 as a component of Red Hat OpenShift Container Platform 4.8",
          "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64"
        },
        "product_reference": "openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64 as a component of Red Hat OpenShift Container Platform 4.8",
          "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64"
        },
        "product_reference": "openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
          "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T15:09:31+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
          "product_ids": [
            "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5108"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-917",
        "name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
          "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T15:09:31+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
          "product_ids": [
            "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5108"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator-bundle@sha256:3b7c190204a5ffb038b60b80e2096a7fab508dfeafdafeff71e755802265e70a_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:bae1a96311e2cac42a709789181bef11f7edf3b8c8feccbbc55552c2c14ea80d_amd64",
            "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:7518a86bfa6ccd14de18dcd833fa9dfee36a3707e70e9ffa2218264bac6e7794_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2021:5106

Vulnerability from csaf_redhat - Published: 2021-12-16 06:12 - Updated: 2026-04-01 18:52

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.6.z security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html https://access.redhat.com/errata/RHSA-2021:5106

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Vendor Fix For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html https://access.redhat.com/errata/RHSA-2021:5106

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5106	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5106",
        "url": "https://access.redhat.com/errata/RHSA-2021:5106"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "external",
        "summary": "2032580",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5106.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.z security update",
    "tracking": {
      "current_release_date": "2026-04-01T18:52:51+00:00",
      "generator": {
        "date": "2026-04-01T18:52:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2021:5106",
      "initial_release_date": "2021-12-16T06:12:27+00:00",
      "revision_history": [
        {
          "date": "2021-12-16T06:12:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-16T06:12:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T18:52:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.6",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.6",
                  "product_id": "8Base-RHOSE-4.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
                "product": {
                  "name": "openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
                  "product_id": "openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202112140939.p0.gd421c69.assembly.art3594"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
                "product": {
                  "name": "openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
                  "product_id": "openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202112132021.p0.g2a13a81.assembly.stream"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
                "product": {
                  "name": "openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
                  "product_id": "openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202112140939.p0.gd421c69.assembly.art3594"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
                "product": {
                  "name": "openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
                  "product_id": "openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202112132021.p0.g2a13a81.assembly.stream"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
                "product": {
                  "name": "openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
                  "product_id": "openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202112140939.p0.gd421c69.assembly.art3594"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
                "product": {
                  "name": "openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
                  "product_id": "openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator-bundle\u0026tag=v4.6.0.202112140939.p0.gd421c69.assembly.art3594-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64",
                "product": {
                  "name": "openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64",
                  "product_id": "openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-hive\u0026tag=v4.6.0-202112140546.p0.g8b9da97.assembly.stream"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
                "product": {
                  "name": "openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
                  "product_id": "openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202112132021.p0.g2a13a81.assembly.stream"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64",
                "product": {
                  "name": "openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64",
                  "product_id": "openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator\u0026tag=v4.6.0-202112140831.p0.gd74112d.assembly.art3594"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
                "product": {
                  "name": "openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
                  "product_id": "openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator-bundle\u0026tag=v4.6.0.202112140831.p0.gd74112d.assembly.art3594-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64"
        },
        "product_reference": "openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64"
        },
        "product_reference": "openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x"
        },
        "product_reference": "openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le"
        },
        "product_reference": "openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x"
        },
        "product_reference": "openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64"
        },
        "product_reference": "openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le"
        },
        "product_reference": "openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64"
        },
        "product_reference": "openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64"
        },
        "product_reference": "openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64"
        },
        "product_reference": "openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
          "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
          "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
          "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
          "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
          "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
          "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
          "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
          "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T06:12:27+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html",
          "product_ids": [
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5106"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-917",
        "name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
          "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
          "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
          "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
          "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
          "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
          "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
          "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
          "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T06:12:27+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html",
          "product_ids": [
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5106"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator-bundle@sha256:b0b6c17769c6ec87496d14b2bcfbfbd035782671bbf6e6934dc2f240f1033902_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:8db02b3087c2c89bafaf6896d67462af54e77ba3c2fb299a84ab7886f1b92ce1_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:d0916cd9a19901ff6c8b24f0f27db9e9f9322f8fc6eb9e773c4b43fe98800416_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:dfd7356ce68d9ff2498655c07b7d700872185597c0c2855d6721acb2ae5e6b5c_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:416510e6e489dfb1ab1f0b2091015dcb0adac637ed37f1e18d30f128c45b93d2_s390x",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:8b0d423982c960d81f8e1ade8482ba064507863283aec360ac63f31f0ffdb24f_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:ebc6a802dc110dddaae352c3a142fbeae1169d5c35fc0f77ef7e64b810c863af_ppc64le",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator-bundle@sha256:7c67b7bcdc6e35f38905aff84f007a2b77c727836f256a0c038934ab62c7011e_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:fc3a7d606162c571647e0a4f6184091eddc1fe360e93d7692d1195559a7a74db_amd64",
            "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:2a8670a968b37e04539c052b399e539d60a006bdf4e46d5066bc04530da8f532_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2021_5128

Vulnerability from csaf_redhat - Published: 2021-12-14 18:09 - Updated: 2024-12-17 23:59

Summary

Red Hat Security Advisory: Openshift Logging security and bug update (5.1.5)

Severity

Moderate

Notes

Topic: An update is now available for OpenShift Logging 5.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Openshift Logging Security and Bug Fix Release (5.1.5) Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * netty: Request smuggling via content-length header (CVE-2021-21409) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-21409

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5128

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5128

CVE-2021-37137

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5128

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5128

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5128

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5128	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://issues.redhat.com/browse/LOG-1971	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-21409	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://www.cve.org/CVERecord?id=CVE-2021-21409	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21409	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37136	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://www.cve.org/CVERecord?id=CVE-2021-37136	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37136	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37137	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://www.cve.org/CVERecord?id=CVE-2021-37137	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37137	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for OpenShift Logging 5.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Openshift Logging Security and Bug Fix Release (5.1.5)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5128",
        "url": "https://access.redhat.com/errata/RHSA-2021:5128"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "1944888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
      },
      {
        "category": "external",
        "summary": "2004133",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
      },
      {
        "category": "external",
        "summary": "2004135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "external",
        "summary": "LOG-1971",
        "url": "https://issues.redhat.com/browse/LOG-1971"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5128.json"
      }
    ],
    "title": "Red Hat Security Advisory: Openshift Logging security and bug update (5.1.5)",
    "tracking": {
      "current_release_date": "2024-12-17T23:59:33+00:00",
      "generator": {
        "date": "2024-12-17T23:59:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:5128",
      "initial_release_date": "2021-12-14T18:09:12+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T18:09:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T18:09:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T23:59:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.1",
                "product": {
                  "name": "OpenShift Logging 5.1",
                  "product_id": "8Base-OSE-LOGGING-5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-68"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-65"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-75"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-68"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-65"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-75"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.1.5-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.1.5-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-68"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-65"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-75"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-21409",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-03-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1944888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Request smuggling via content-length header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "RHBZ#1944888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
        }
      ],
      "release_date": "2021-03-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:09:12+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Request smuggling via content-length header"
    },
    {
      "cve": "CVE-2021-37136",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:09:12+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
    },
    {
      "cve": "CVE-2021-37137",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004135"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004135",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:09:12+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
    },
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:09:12+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5128"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T18:09:12+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5128"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:9ff35e6d560796a50b470c75ba6862cc79c6d9e30074e4a3f2c606fae3722956_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:64a4376815864ae9b521396b510a0d1627665142b14cd3c2e3aa9452231a542e_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:70aca191fa4fe95e857f8cba3925d88e9965e8c868c6362e00ad0ce912360a99_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:76573c99dcd3f44e6bc81b018867ee3bfe3c33ea1878c63675a39e85b4c72de5_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:862602f0b5cf3dc1bdd69f236d09a4bf1630fdd77e7faf30a1f4858558360202_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:09eb62fb9c67251f67cf13bbd840c274d879285cb3151e4540df5c9e286debff_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:551c671792f1d97cf00b1c52b8645d6aa734655bc834f280013408e2d6101b81_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:c57ce065696844f5c5d0e09969d228f79423b2d1d2f97a5a539c87fb3de63793_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0807527589e608dec6aa6f94cccac8cf89331a86cdb193139f88c375604c9afe_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:2467fb3d733e318b3ce1474301361af0247580b7abf9b8b2d3482707d0272949_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:5e9ed1c4e59daccc7ed0a3418900f8088f8307016311b670e7d23be304b61f36_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:315b9b9057b2893d0e14fe7c3e2809066ce90b5b42863934de93734ee26d212c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:711054937975c1e7061381bdcadd90ca8192648624888b6ba999dbedf616f8ed_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:fca86030c0886e0c41d4000d4907e6a58717b95c206d34dba5197d44aa8d6d02_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b85c8866c068409bee0b7f162e3a5f04c075c221d04bc7f6347ca3f9e022840a_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:c47fda436df07eaab5a3878c37c43b6ce401c216f5207a6d9b2d1017d5ad1a62_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:cb3c3b89d3969a1ffe6b11b343cda4c074f3f87572dfc2b6b4d681802b4c420c_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:623dd6d9c57ed7c44e57f5f7ddfbc5b16dc986b86a20188781ebefdde9f87f0d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:760f9ed42e7634fc246fc638985802d84df561d87c80628ba7bf7db8543e0007_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:8a21d9ea3bcc997ddaa38cf7115b8ad982d9e019beece3dd52a027aeaf211c3e_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:2d9f4a1319755cdfdf5e1cf8bd7a12edc6e17b5a85fef5f10a067e5a936a095b_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b3cdddf65666934636aa6a6a7cf3c9f00d4f793cfb0b9eef8e0aacf04b6fb7c0_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f68496878ed86375e0d28d4b01d1686e1af078582710576fcb8a1a4b7c6ec20f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2021:5126

Vulnerability from csaf_redhat - Published: 2021-12-14 16:19 - Updated: 2026-04-01 18:52

Summary

Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus GA security update

Severity

Critical

Notes

Topic: A security update to Red Hat Integration Camel Extensions for Quarkus 2.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA and includes the following security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2021:5126

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5126	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/jbossnetwork/restricted…	external
	https://access.redhat.com/documentation/en-us/red…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update to Red Hat Integration Camel Extensions for Quarkus 2.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA and includes the following security Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5126",
        "url": "https://access.redhat.com/errata/RHSA-2021:5126"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2021-Q4",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2021-Q4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5126.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus GA security update",
    "tracking": {
      "current_release_date": "2026-04-01T18:52:52+00:00",
      "generator": {
        "date": "2026-04-01T18:52:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2021:5126",
      "initial_release_date": "2021-12-14T16:19:04+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T16:19:04+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T16:19:05+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T18:52:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Integration Camel Quarkus 2",
                "product": {
                  "name": "Red Hat Integration Camel Quarkus 2",
                  "product_id": "Red Hat Integration Camel Quarkus 2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:camel_quarkus:2.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Integration"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Integration Camel Quarkus 2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T16:19:04+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Integration Camel Quarkus 2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5126"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "Red Hat Integration Camel Quarkus 2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Integration Camel Quarkus 2"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    }
  ]
}

RHSA-2022_0296

Vulnerability from csaf_redhat - Published: 2022-01-26 15:52 - Updated: 2024-12-18 00:02

Summary

Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.0 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) * kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154) * xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153) * xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140) * xstream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-20218

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-29505

A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

Workaround Depending on the version of XStream used there are various usage patterns that mitigate this flaw, though we would strongly recommend using the allow list approach if at all possible as there are likely more class combinations the deny list approach may not address. Allow list approach ```java XStream xstream = new XStream(); XStream.setupDefaultSecurity(xstream); xstream.allowTypesByWildcard(new String[] {"com.misc.classname"}) ``` Deny list for XStream 1.4.16 (this should also address some previous flaws found in 1.4.7 - > 1.4.15) ```java xstream.denyTypesByRegExp(new String[]{ ".*\\.Lazy(?:Search)?Enumeration.*", "(?:java|sun)\\.rmi\\..*" }); ``` Deny list for XStream 1.4.15 ```java xstream.denyTypes(new String[]{ "sun.awt.datatransfer.DataTransferer$IndexOrderComparator", "sun.swing.SwingLazyValue", "com.sun.corba.se.impl.activation.ServerTableEntry", "com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator" }); xstream.denyTypesByRegExp(new String[]{ ".*\\$ServiceNameIterator", "javafx\\.collections\\.ObservableList\\$.*", ".*\\.bcel\\..*\\.util\\.ClassLoader" }); xstream.denyTypeHierarchy(java.io.InputStream.class ); xstream.denyTypeHierarchy(java.nio.channels.Channel.class ); xstream.denyTypeHierarchy(javax.activation.DataSource.class ); xstream.denyTypeHierarchy(javax.sql.rowset.BaseRowSet.class ); ``` Deny list for XStream 1.4.13 ```java xstream.denyTypes(new String[]{ "javax.imageio.ImageIO$ContainsFilter" }); xstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class }); ``` Deny list for XStream 1.4.7 -> 1.4.12 ```java xstream.denyTypes(new String[]{ "javax.imageio.ImageIO$ContainsFilter" }); xstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class }); ``` Deny list for versions prior to XStream 1.4.7 ```java xstream.registerConverter(new Converter() { public boolean canConvert(Class type) { return type != null && (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || void.class || type.getName().equals("javax.imageio.ImageIO$ContainsFilter") || Proxy.isProxy(type)); } public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { throw new ConversionException("Unsupported type due to security reasons."); } public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) { throw new ConversionException("Unsupported type due to security reasons."); } }, XStream.PRIORITY_LOW); ```

CVE-2021-39139

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39141

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-434 - Unrestricted Upload of File with Dangerous Type

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39144

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39145

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39146

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-434 - Unrestricted Upload of File with Dangerous Type

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39147

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-434 - Unrestricted Upload of File with Dangerous Type

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39148

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39149

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39150

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39151

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39152

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39153

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39154

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

References

URL

Category

	https://access.redhat.com/errata/RHSA-2022:0296	self
	https://access.redhat.com/security/updates/classi…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1923405	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1930423	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1966735	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997763	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997765	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997769	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997772	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997775	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997777	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997779	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997781	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997784	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997786	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997791	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997793	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997795	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997801	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2020-28491	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1930423	external
	https://www.cve.org/CVERecord?id=CVE-2020-28491	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-28491	external
	https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSO…	external
	https://access.redhat.com/security/cve/CVE-2021-20218	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1923405	external
	https://www.cve.org/CVERecord?id=CVE-2021-20218	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-20218	external
	https://github.com/fabric8io/kubernetes-client/is…	external
	https://access.redhat.com/security/cve/CVE-2021-29505	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1966735	external
	https://www.cve.org/CVERecord?id=CVE-2021-29505	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-29505	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://x-stream.github.io/CVE-2021-29505.html	external
	https://access.redhat.com/security/cve/CVE-2021-39139	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997763	external
	https://www.cve.org/CVERecord?id=CVE-2021-39139	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39139	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39140	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997765	external
	https://www.cve.org/CVERecord?id=CVE-2021-39140	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39140	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39141	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997769	external
	https://www.cve.org/CVERecord?id=CVE-2021-39141	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39141	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39144	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997772	external
	https://www.cve.org/CVERecord?id=CVE-2021-39144	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39144	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-39145	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997775	external
	https://www.cve.org/CVERecord?id=CVE-2021-39145	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39145	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39146	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997777	external
	https://www.cve.org/CVERecord?id=CVE-2021-39146	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39146	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39147	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997779	external
	https://www.cve.org/CVERecord?id=CVE-2021-39147	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39147	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39148	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997781	external
	https://www.cve.org/CVERecord?id=CVE-2021-39148	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39148	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39149	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997784	external
	https://www.cve.org/CVERecord?id=CVE-2021-39149	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39149	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39150	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997786	external
	https://www.cve.org/CVERecord?id=CVE-2021-39150	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39150	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39151	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997791	external
	https://www.cve.org/CVERecord?id=CVE-2021-39151	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39151	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39152	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997793	external
	https://www.cve.org/CVERecord?id=CVE-2021-39152	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39152	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39153	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997795	external
	https://www.cve.org/CVERecord?id=CVE-2021-39153	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39153	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39154	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997801	external
	https://www.cve.org/CVERecord?id=CVE-2021-39154	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39154	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external

Acknowledgments

Ivan Bodrov

Red Hat Marc Nuri

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* jackson-dataformat-cbor:  Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141)\n\n* xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146)\n\n* xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154)\n\n* xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144)\n\n* xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139)\n\n* xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153)\n\n* xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)\n\n* xstream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505)\n\n* xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)\n\n* xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0296",
        "url": "https://access.redhat.com/errata/RHSA-2022:0296"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "1923405",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923405"
      },
      {
        "category": "external",
        "summary": "1930423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
      },
      {
        "category": "external",
        "summary": "1966735",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966735"
      },
      {
        "category": "external",
        "summary": "1997763",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997763"
      },
      {
        "category": "external",
        "summary": "1997765",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997765"
      },
      {
        "category": "external",
        "summary": "1997769",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997769"
      },
      {
        "category": "external",
        "summary": "1997772",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997772"
      },
      {
        "category": "external",
        "summary": "1997775",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997775"
      },
      {
        "category": "external",
        "summary": "1997777",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997777"
      },
      {
        "category": "external",
        "summary": "1997779",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997779"
      },
      {
        "category": "external",
        "summary": "1997781",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997781"
      },
      {
        "category": "external",
        "summary": "1997784",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997784"
      },
      {
        "category": "external",
        "summary": "1997786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997786"
      },
      {
        "category": "external",
        "summary": "1997791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997791"
      },
      {
        "category": "external",
        "summary": "1997793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997793"
      },
      {
        "category": "external",
        "summary": "1997795",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997795"
      },
      {
        "category": "external",
        "summary": "1997801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997801"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0296.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.0 security update",
    "tracking": {
      "current_release_date": "2024-12-18T00:02:10+00:00",
      "generator": {
        "date": "2024-12-18T00:02:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2022:0296",
      "initial_release_date": "2022-01-26T15:52:53+00:00",
      "revision_history": [
        {
          "date": "2022-01-26T15:52:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-01-26T15:52:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-18T00:02:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHPAM 7.12.0",
                "product": {
                  "name": "RHPAM 7.12.0",
                  "product_id": "RHPAM 7.12.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Process Automation Manager"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28491",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-02-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1930423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "RHBZ#1930423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
          "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
        }
      ],
      "release_date": "2021-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ivan Bodrov"
          ]
        },
        {
          "names": [
            "Marc Nuri"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2021-20218",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-02-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1923405"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform 4 (OCP) there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and maybe fixed in a future update.\n\nRed Hat CodeReady WorkSpaces 2.7.0 does not ship fabric8-kubernetes-client and is therefore not affected by this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-20218"
        },
        {
          "category": "external",
          "summary": "RHBZ#1923405",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923405"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-20218"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20218",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20218"
        },
        {
          "category": "external",
          "summary": "https://github.com/fabric8io/kubernetes-client/issues/2715",
          "url": "https://github.com/fabric8io/kubernetes-client/issues/2715"
        }
      ],
      "release_date": "2021-01-12T04:35:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise"
    },
    {
      "cve": "CVE-2021-29505",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-05-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1966735"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: remote command execution attack by manipulating the processed input stream",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\nCodeReady Studio 12 ships a version of xstream that is affected by this flaw as a transitive dependency for the Wise framework plugin. However, the vulnerable code is not called, so this flaw has been marked as Low severity for CodeReady Studio 12.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-29505"
        },
        {
          "category": "external",
          "summary": "RHBZ#1966735",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966735"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29505",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29505"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29505",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29505"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc"
        },
        {
          "category": "external",
          "summary": "https://x-stream.github.io/CVE-2021-29505.html",
          "url": "https://x-stream.github.io/CVE-2021-29505.html"
        }
      ],
      "release_date": "2021-05-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        },
        {
          "category": "workaround",
          "details": "Depending on the version of XStream used there are various usage patterns that mitigate this flaw, though we would strongly recommend using the allow list approach if at all possible as there are likely more class combinations the deny list approach may not address.\n\nAllow list approach\n```java\nXStream xstream = new XStream();\nXStream.setupDefaultSecurity(xstream);\nxstream.allowTypesByWildcard(new String[] {\"com.misc.classname\"})\n```\nDeny list for XStream 1.4.16 (this should also address some previous flaws found in 1.4.7 - \u003e 1.4.15) \n```java\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.Lazy(?:Search)?Enumeration.*\", \"(?:java|sun)\\\\.rmi\\\\..*\" });\n```\n\nDeny list for XStream 1.4.15\n```java\nxstream.denyTypes(new String[]{ \"sun.awt.datatransfer.DataTransferer$IndexOrderComparator\", \"sun.swing.SwingLazyValue\", \"com.sun.corba.se.impl.activation.ServerTableEntry\", \"com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$ServiceNameIterator\", \"javafx\\\\.collections\\\\.ObservableList\\\\$.*\", \".*\\\\.bcel\\\\..*\\\\.util\\\\.ClassLoader\" });\nxstream.denyTypeHierarchy(java.io.InputStream.class );\nxstream.denyTypeHierarchy(java.nio.channels.Channel.class );\nxstream.denyTypeHierarchy(javax.activation.DataSource.class );\nxstream.denyTypeHierarchy(javax.sql.rowset.BaseRowSet.class );\n```\n\nDeny list for XStream 1.4.13\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\n```\n\nDeny list for XStream 1.4.7 -\u003e 1.4.12\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\n```\n\nDeny list for versions prior to XStream 1.4.7\n```java\nxstream.registerConverter(new Converter() {\n  public boolean canConvert(Class type) {\n    return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || void.class || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || Proxy.isProxy(type));\n  }\n\n  public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n\n  public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n}, XStream.PRIORITY_LOW);\n```",
          "product_ids": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "XStream: remote command execution attack by manipulating the processed input stream"
    },
    {
      "cve": "CVE-2021-39139",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997763"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39139"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997763",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997763"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39139",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39139"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39139",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39139"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl"
    },
    {
      "cve": "CVE-2021-39140",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997765"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\nThis version of XStream library will be delivered in the future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39140"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997765",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997765"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39140"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39140",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39140"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler"
    },
    {
      "cve": "CVE-2021-39141",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997769"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39141"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997769",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997769"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39141"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39141",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39141"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*"
    },
    {
      "cve": "CVE-2021-39144",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997772"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.*",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\nThis version of XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security\n\nFor more information, please refer to the [Red Hat solution Article](https://access.redhat.com/solutions/7002450) explaining this issue.\n\nOpenShift Logging\u0027s Elasticsearch 6.8.1 using opendistro_security v0.10.1.2 is not affected by the vulnerable code because com.thoughtworks.xstream is only a build-time dependency.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39144"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997772",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997772"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39144"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39144",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39144"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-03-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.*"
    },
    {
      "cve": "CVE-2021-39145",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997775"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39145"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997775",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997775"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39145"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39145",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39145"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration"
    },
    {
      "cve": "CVE-2021-39146",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997777"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39146"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997777",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997777"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39146"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39146",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39146"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue"
    },
    {
      "cve": "CVE-2021-39147",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997779"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39147"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997779",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997779"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39147"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39147",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39147"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration"
    },
    {
      "cve": "CVE-2021-39148",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997781"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39148"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997781",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997781"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39148"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39148",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39148"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator"
    },
    {
      "cve": "CVE-2021-39149",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997784"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.*",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39149"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997784",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997784"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39149"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39149",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39149"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.*"
    },
    {
      "cve": "CVE-2021-39150",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. If you rely on XStream\u0027s default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39150"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39150"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39150",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39150"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*"
    },
    {
      "cve": "CVE-2021-39151",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\n\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39151"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39151",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39151"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39151",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39151"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration"
    },
    {
      "cve": "CVE-2021-39152",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. If you rely on XStream\u0027s default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\n\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39152"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39152"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39152",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39152"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData"
    },
    {
      "cve": "CVE-2021-39153",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997795"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39153"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997795",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997795"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39153",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39153"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39153",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39153"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl"
    },
    {
      "cve": "CVE-2021-39154",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Users who follow the recommended security framework with a whitelist to limit the types to the minimum required should not be affected. XStream 1.4.18 no longer uses a blacklist by default since it cannot be secured for general purposes.\n\nOpenShift Container Platform (OCP) delivers the Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, the OCP Jenkins package is not affected by this flaw.\nThis version of the XStream library will be delivered in future Jenkins releases.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39154"
        },
        {
          "category": "external",
          "summary": "RHBZ#1997801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39154",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39154"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39154",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39154"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68"
        }
      ],
      "release_date": "2021-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue"
    },
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    }
  ]
}

RHSA-2021:5137

Vulnerability from csaf_redhat - Published: 2021-12-14 21:36 - Updated: 2026-04-01 18:52

Summary

Red Hat Security Advisory: Openshift Logging Security Release (5.0.10)

Severity

Moderate

Notes

Topic: Openshift Logging Security Release (5.0.10) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Openshift Logging Bug Fix Release (5.0.10) Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5137

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Vendor Fix For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5137

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5137	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Openshift Logging Security Release (5.0.10)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Openshift Logging Bug Fix Release (5.0.10)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5137",
        "url": "https://access.redhat.com/errata/RHSA-2021:5137"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5137.json"
      }
    ],
    "title": "Red Hat Security Advisory: Openshift Logging Security Release (5.0.10)",
    "tracking": {
      "current_release_date": "2026-04-01T18:52:55+00:00",
      "generator": {
        "date": "2026-04-01T18:52:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2021:5137",
      "initial_release_date": "2021-12-14T21:36:36+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T21:36:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T21:36:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T18:52:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.0",
                "product": {
                  "name": "OpenShift Logging 5.0",
                  "product_id": "8Base-OSE-LOGGING-5.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.0.10-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.0.10-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.10-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:36:36+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5137"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-917",
        "name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T21:36:36+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5137"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:8506f609ee7aae7006f856c9aea1868adbe0689e142d88a7db9fe1a5178f3178_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:177037cc7dd2abedf432efd6addf9d47960d8e9fb116cdfc973ee4999a488383_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa5bbc1b0792179d50e7e102588195b0b11799b94640db5039ff371e8505e32b_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:aa89345bb6281fac7c35d404a2ff753bff3f222557ab6f03c2c401107adf073e_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:4edb9f0a5efe40bdb5ae5f9b68abb4ac952810d1333442993c90bee6831bbe64_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:70fb7698de4592d07001b268b914f468c03618471cb975b6a21c35451999be2a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:c1dd73551aa53acb75a02875449fa54a995df5888b68421a7e945862a98aa8c2_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf7da672fc4e59894230852c0d5e67e3fcbbcce1fa992784b5348e654ff59417_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:4bba1d96440b7fc19cb61fdacad24bfab5fab610eae01374d830ee51fa8a6bd4_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:71bcbfb03b820d0a2ce7fb5ec6ab4830b2d38ff62ccdcf974139a7244cf5b2ee_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:97bd3a7bf854f3b4ead46336683a82853f78df95c48ab9a4f1c5164105f05f8e_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:8612f54b6b077febf9ab833b6bf6fe4673bc29ed8765323e60c4b7531ef40407_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:a70f88abff582e94a56f650acb782217e6247dc13343d7803492467a4881a9b0_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c4fb65aaf2602f06b713da8e5b5674d880f57177510a533135cbb93c7e362eb9_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:09ba9e857b5ba3ac122d71b2c349ab8e13981c34268b6ec9c252519243f77d55_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:98092e9322efec21851e728e69e1b32b7607a4aedccc9ec39fc225849f3b7e1a_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:abf4052884464d6fa82d2b4aed5a612918d395f4229dde26a3c3acfa20fbfb34_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:3273f04559882c0ab7c2b61da96aa7a61f0004d1c87e8070477ba984cfa3dc50_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:77489c11265b4890c23c95b3bb255f707e9bfe02475a65e566fae1d1eb0ca970_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a88c38034287123710fbdfa23056a700dbf918fa563d6ce14c56c99a14000a5c_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7709829dde3568c1e32b4e949054191166545e724803341e4182e080583adbc8_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:d505ef5c45463c45c6bd67873ef038400b79b940ab142153ebdc86d6efdfb619_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:e3d3cba918b8eb95f340e1a6d5a2bc05bb93b6b305a0beccae0b5d37a064986a_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:4b597b22e6dbf1897e728d8384a7fb6f703290a6b4f9755141a9bd35569c1bb4_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:680699c945e150eb6fdbd0dd70565ad279fba8c21abbffe1fa7b3a0360f03178_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:6a3e0dcfc27c799d54b9b86d71b61691583d48b71b1f651afb46ae5b00a31ba1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2021_5094

Vulnerability from csaf_redhat - Published: 2021-12-14 05:50 - Updated: 2024-12-17 23:59

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.11.z security update

Severity

Moderate

Notes

Topic: Red Hat OpenShift Container Platform release 3.11.z is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix See the following documentation, which will be updated shortly for release 3.11.z, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 . https://access.redhat.com/errata/RHSA-2021:5094

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix See the following documentation, which will be updated shortly for release 3.11.z, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 . https://access.redhat.com/errata/RHSA-2021:5094

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5094	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 3.11.z is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5094",
        "url": "https://access.redhat.com/errata/RHSA-2021:5094"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5094.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.11.z security update",
    "tracking": {
      "current_release_date": "2024-12-17T23:59:27+00:00",
      "generator": {
        "date": "2024-12-17T23:59:27+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:5094",
      "initial_release_date": "2021-12-14T05:50:14+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T05:50:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T05:50:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T23:59:27+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.11",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.11",
                  "product_id": "7Server-RH7-RHOSE-3.11",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.11::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64",
                "product": {
                  "name": "openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64",
                  "product_id": "openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift3/ose-logging-elasticsearch5\u0026tag=v3.11.570-2.gd119820"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64"
        },
        "product_reference": "openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T05:50:14+00:00",
          "details": "See the following documentation, which will be updated shortly for release\n3.11.z, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258 .",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5094"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T05:50:14+00:00",
          "details": "See the following documentation, which will be updated shortly for release\n3.11.z, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258 .",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5094"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:88379eab3d1e07f120b5dc6fa6ba4ebf96d3afb6aaf388d279084d675b23b5c2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2021_5140

Vulnerability from csaf_redhat - Published: 2021-12-15 02:59 - Updated: 2024-12-18 00:01

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

Severity

Low

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2021:5140

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5140	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/jbossnetwork/restricted…	external
	https://access.redhat.com/solutions/6577421	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://access.redhat.com/documentation/en-us/red…	external
	https://access.redhat.com/documentation/en-us/red…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5140",
        "url": "https://access.redhat.com/errata/RHSA-2021:5140"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/solutions/6577421",
        "url": "https://access.redhat.com/solutions/6577421"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5140.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update",
    "tracking": {
      "current_release_date": "2024-12-18T00:01:22+00:00",
      "generator": {
        "date": "2024-12-18T00:01:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:5140",
      "initial_release_date": "2021-12-15T02:59:53+00:00",
      "revision_history": [
        {
          "date": "2021-12-15T02:59:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-15T02:59:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-18T00:01:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "EAP 7.4 log4j async",
                "product": {
                  "name": "EAP 7.4 log4j async",
                  "product_id": "EAP 7.4 log4j async",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "EAP 7.4 log4j async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-15T02:59:53+00:00",
          "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "EAP 7.4 log4j async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5140"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "EAP 7.4 log4j async"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "EAP 7.4 log4j async"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    }
  ]
}

RHSA-2021:5129

Vulnerability from csaf_redhat - Published: 2021-12-14 19:37 - Updated: 2026-04-01 18:52

Summary

Red Hat Security Advisory: Openshift Logging security and bug update (5.3.1)

Severity

Moderate

Notes

Topic: An update is now available for OpenShift Logging 5.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Openshift Logging Security and Bug Fix Release (5.3.1) Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * netty: Request smuggling via content-length header (CVE-2021-21409) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-21409

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

CVE-2021-37137

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

CVE-2021-45046

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Vendor Fix For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html https://access.redhat.com/errata/RHSA-2021:5129

Workaround For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2021:5129	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://issues.redhat.com/browse/LOG-1897	external
	https://issues.redhat.com/browse/LOG-1925	external
	https://issues.redhat.com/browse/LOG-1962	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-21409	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1944888	external
	https://www.cve.org/CVERecord?id=CVE-2021-21409	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-21409	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37136	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004133	external
	https://www.cve.org/CVERecord?id=CVE-2021-37136	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37136	external
	https://github.com/netty/netty/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2021-37137	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2004135	external
	https://www.cve.org/CVERecord?id=CVE-2021-37137	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-37137	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-45046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2032580	external
	https://www.cve.org/CVERecord?id=CVE-2021-45046	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-45046	external
	https://access.redhat.com/security/cve/CVE-2021-44228	external
	https://www.openwall.com/lists/oss-security/2021/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for OpenShift Logging 5.3.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Openshift Logging Security and Bug Fix Release (5.3.1)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5129",
        "url": "https://access.redhat.com/errata/RHSA-2021:5129"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
      },
      {
        "category": "external",
        "summary": "1944888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
      },
      {
        "category": "external",
        "summary": "2004133",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
      },
      {
        "category": "external",
        "summary": "2004135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "external",
        "summary": "LOG-1897",
        "url": "https://issues.redhat.com/browse/LOG-1897"
      },
      {
        "category": "external",
        "summary": "LOG-1925",
        "url": "https://issues.redhat.com/browse/LOG-1925"
      },
      {
        "category": "external",
        "summary": "LOG-1962",
        "url": "https://issues.redhat.com/browse/LOG-1962"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5129.json"
      }
    ],
    "title": "Red Hat Security Advisory: Openshift Logging security and bug update (5.3.1)",
    "tracking": {
      "current_release_date": "2026-04-01T18:52:53+00:00",
      "generator": {
        "date": "2026-04-01T18:52:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2021:5129",
      "initial_release_date": "2021-12-14T19:37:00+00:00",
      "revision_history": [
        {
          "date": "2021-12-14T19:37:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-14T19:37:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T18:52:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.3",
                "product": {
                  "name": "OpenShift Logging 5.3",
                  "product_id": "8Base-OSE-LOGGING-5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-43"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-65"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-63"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-73"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-43"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-65"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-63"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-73"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.3.1-12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.3.1-12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-43"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-65"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-63"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-73"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-21409",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-03-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1944888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Request smuggling via content-length header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "RHBZ#1944888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
        }
      ],
      "release_date": "2021-03-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Request smuggling via content-length header"
    },
    {
      "cve": "CVE-2021-37136",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
    },
    {
      "cve": "CVE-2021-37137",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004135"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004135",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        }
      ],
      "release_date": "2021-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
    },
    {
      "cve": "CVE-2021-44228",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects log4j versions between 2.0  and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
        },
        {
          "category": "external",
          "summary": "RHSB-2021-009",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
          "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
          "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-10T02:01:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-12-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
    },
    {
      "cve": "CVE-2021-45046",
      "cwe": {
        "id": "CWE-917",
        "name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
      },
      "discovery_date": "2021-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2032580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "RHBZ#2032580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44228"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2021-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-14T19:37:00+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5129"
        },
        {
          "category": "workaround",
          "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:90c3bac2bd24cf79249202fc7e7124c602fabb929147bcb5b98564a601b73b05_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:06ef75fc95f01c81ff8effe58060b0c7eada7436a4657087af7dcf34779b78a9_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:a8c9d81be0f59bf60bcdc03584d8093812a8552cb4e5f2926ae8474e41b193b2_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:d16e91e1aeaac45aa51b7f2b0ebe548faa74b141e644e964f94c8ae4b5adc338_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:f9eac45d398c5772be52b65e2d6e0bb857a60a4e0f4c789e5c72473855ba2b41_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:ab6b5992f1718a79b26cab831a3f96c46ac2354e34d7488576830e2e5e5f949c_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d806d2223dc344244469a89430d9e60d5d4310e6ed626a6d6b0dfe5d191aa5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:fb217034ad478016ece30afe0f892f407e0b5f8e7931962a1376310f87bb6e08_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:75cfb6204d4d74460451dbc0d3f046235f3f00261f5124e4c2616e6ef17e76ca_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:aa4897baa35b4d3c5d2f1b64ecc384bfd0088233da29b50da562622a01da71cd_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ee5026614e766aaaf52ba6437577c94235e2021d8d82b13d90960220d27d8ff8_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:458c0ecce2582cdaad4b1a179ba7cf22a3831fab833e8b38b6001662cef088d9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:55fb246ff597b28fff584042a6dd86f3b0de83e1271e151aeb7836e1c127f08e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:cbfac57572671eb995342bfd97e2671b60434ea688a759d05c61176ec4c6e49c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:959a047204a93d8d6460fafa7616ff154e8feb08a7c05d6867f99ec1a87ebf73_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:9f5f2df7b88610ec8ca085d2c48d527f3863b8c7e865786090df3040a51bda69_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:c4480951503ca7072e946b1fde63bc7ef45eb60c7d62a8a2d204e972884266be_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:8e6e030a092c94af29c0fc50f79abcfd058aee14d929dfaea457bb39891c57fe_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e460881db1614b5fabbd938fa674f82e90524beb54ae2619acaf50665785892e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:e5bab509f084458d27d3bb32fd82132ce03523bbec45ce4aa8f68837c0cfc2db_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0599610c8e53b621fa1a6079cdc636477b38d5d1747c7221d67dda1b4a362258_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:588c93bed798115647759a8fa778fe5c0f4110ff31f863718453105d04c0a6f8_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:ba0909befb1bcc75437a1b389032e8cf9526692a5ee2ad610df0acd870aba9f0_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:41f878aefc6559950120527e2ae422a79c3d768b00885a5426fcae655aaae8b7_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:542269634b1bf21cb986f1618161b7b50f7871d61286e43d2b9acf39abf745f0_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:daaf25c751e4562a4a06d4e30f33db2b01a2557e03053afc2dc4a85377ab4dc5_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:5eed6d7086407a59ff8a0750b64fc9b245dd12551db404bc13b9a4cd35a60c8c_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:9abe7a5c17765cce39f514185e81d19045370098f5cf44c444f401324c527c78_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:cd0808c73ea0fb52b679800fd90641578d0788cb0cb63419b2c6c8d6c385da7d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
    }
  ]
}

RHSA-2022:0296

Vulnerability from csaf_redhat - Published: 2022-01-26 15:52 - Updated: 2026-04-02 00:52

Summary

Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.0 security update

Severity

Critical

Notes

Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) * kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154) * xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153) * xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140) * xstream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-20218

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-29505

A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

Workaround Depending on the version of XStream used there are various usage patterns that mitigate this flaw, though we would strongly recommend using the allow list approach if at all possible as there are likely more class combinations the deny list approach may not address. Allow list approach ```java XStream xstream = new XStream(); XStream.setupDefaultSecurity(xstream); xstream.allowTypesByWildcard(new String[] {"com.misc.classname"}) ``` Deny list for XStream 1.4.16 (this should also address some previous flaws found in 1.4.7 - > 1.4.15) ```java xstream.denyTypesByRegExp(new String[]{ ".*\\.Lazy(?:Search)?Enumeration.*", "(?:java|sun)\\.rmi\\..*" }); ``` Deny list for XStream 1.4.15 ```java xstream.denyTypes(new String[]{ "sun.awt.datatransfer.DataTransferer$IndexOrderComparator", "sun.swing.SwingLazyValue", "com.sun.corba.se.impl.activation.ServerTableEntry", "com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator" }); xstream.denyTypesByRegExp(new String[]{ ".*\\$ServiceNameIterator", "javafx\\.collections\\.ObservableList\\$.*", ".*\\.bcel\\..*\\.util\\.ClassLoader" }); xstream.denyTypeHierarchy(java.io.InputStream.class ); xstream.denyTypeHierarchy(java.nio.channels.Channel.class ); xstream.denyTypeHierarchy(javax.activation.DataSource.class ); xstream.denyTypeHierarchy(javax.sql.rowset.BaseRowSet.class ); ``` Deny list for XStream 1.4.13 ```java xstream.denyTypes(new String[]{ "javax.imageio.ImageIO$ContainsFilter" }); xstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class }); ``` Deny list for XStream 1.4.7 -> 1.4.12 ```java xstream.denyTypes(new String[]{ "javax.imageio.ImageIO$ContainsFilter" }); xstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class }); ``` Deny list for versions prior to XStream 1.4.7 ```java xstream.registerConverter(new Converter() { public boolean canConvert(Class type) { return type != null && (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || void.class || type.getName().equals("javax.imageio.ImageIO$ContainsFilter") || Proxy.isProxy(type)); } public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { throw new ConversionException("Unsupported type due to security reasons."); } public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) { throw new ConversionException("Unsupported type due to security reasons."); } }, XStream.PRIORITY_LOW); ```

CVE-2021-39139

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39141

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39144

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39145

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39146

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39147

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39148

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39149

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39150

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39151

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39152

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39153

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-39154

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

CVE-2021-44228

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Vendor Fix For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). https://access.redhat.com/errata/RHSA-2022:0296

Workaround For Log4j versions >=2.10 set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true For Log4j versions >=2.7 and <=2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m For Log4j versions >=2.0-beta9 and <=2.10.0 remove the JndiLookup class from the classpath. For example: ``` zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ``` On OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421 On OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441

References

URL

Category

	https://access.redhat.com/errata/RHSA-2022:0296	self
	https://access.redhat.com/security/updates/classi…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1923405	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1930423	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1966735	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997763	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997765	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997769	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997772	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997775	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997777	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997779	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997781	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997784	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997786	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997791	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997793	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997795	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1997801	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2020-28491	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1930423	external
	https://www.cve.org/CVERecord?id=CVE-2020-28491	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-28491	external
	https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSO…	external
	https://access.redhat.com/security/cve/CVE-2021-20218	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1923405	external
	https://www.cve.org/CVERecord?id=CVE-2021-20218	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-20218	external
	https://github.com/fabric8io/kubernetes-client/is…	external
	https://access.redhat.com/security/cve/CVE-2021-29505	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1966735	external
	https://www.cve.org/CVERecord?id=CVE-2021-29505	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-29505	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://x-stream.github.io/CVE-2021-29505.html	external
	https://access.redhat.com/security/cve/CVE-2021-39139	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997763	external
	https://www.cve.org/CVERecord?id=CVE-2021-39139	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39139	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39140	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997765	external
	https://www.cve.org/CVERecord?id=CVE-2021-39140	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39140	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39141	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997769	external
	https://www.cve.org/CVERecord?id=CVE-2021-39141	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39141	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39144	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997772	external
	https://www.cve.org/CVERecord?id=CVE-2021-39144	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39144	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2021-39145	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997775	external
	https://www.cve.org/CVERecord?id=CVE-2021-39145	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39145	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39146	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997777	external
	https://www.cve.org/CVERecord?id=CVE-2021-39146	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39146	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39147	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997779	external
	https://www.cve.org/CVERecord?id=CVE-2021-39147	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39147	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39148	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997781	external
	https://www.cve.org/CVERecord?id=CVE-2021-39148	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39148	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39149	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997784	external
	https://www.cve.org/CVERecord?id=CVE-2021-39149	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39149	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39150	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997786	external
	https://www.cve.org/CVERecord?id=CVE-2021-39150	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39150	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39151	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997791	external
	https://www.cve.org/CVERecord?id=CVE-2021-39151	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39151	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39152	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997793	external
	https://www.cve.org/CVERecord?id=CVE-2021-39152	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39152	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39153	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997795	external
	https://www.cve.org/CVERecord?id=CVE-2021-39153	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39153	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-39154	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1997801	external
	https://www.cve.org/CVERecord?id=CVE-2021-39154	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-39154	external
	https://github.com/x-stream/xstream/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2021-44228	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2030932	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2021-44228	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-44228	external
	https://github.com/advisories/GHSA-jfh8-c2jp-5v3q	external
	https://logging.apache.org/log4j/2.x/security.html	external
	https://www.lunasec.io/docs/blog/log4j-zero-day/	external

Acknowledgments

Ivan Bodrov

Red Hat Marc Nuri

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* jackson-dataformat-cbor:  Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)\n\n* xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141)\n\n* xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146)\n\n* xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154)\n\n* xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144)\n\n* xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139)\n\n* xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153)\n\n* xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)\n\n* xstream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505)\n\n* xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)\n\n* xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0296",
        "url": "https://access.redhat.com/errata/RHSA-2022:0296"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "1923405",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923405"
      },
      {
        "category": "external",
        "summary": "1930423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
      },
      {
        "category": "external",
        "summary": "1966735",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966735"
      },
      {
        "category": "external",
        "summary": "1997763",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997763"
      },
      {
        "category": "external",
        "summary": "1997765",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997765"
      },
      {
        "category": "external",
        "summary": "1997769",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997769"
      },
      {
        "category": "external",
        "summary": "1997772",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997772"
      },
      {
        "category": "external",
        "summary": "1997775",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997775"
      },
      {
        "category": "external",
        "summary": "1997777",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997777"
      },
      {
        "category": "external",
        "summary": "1997779",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997779"
      },
      {
        "category": "external",
        "summary": "1997781",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997781"
      },
      {
        "category": "external",
        "summary": "1997784",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997784"
      },
      {
        "category": "external",
        "summary": "1997786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997786"
      },
      {
        "category": "external",
        "summary": "1997791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997791"
      },
      {
        "category": "external",
        "summary": "1997793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997793"
      },
      {
        "category": "external",
        "summary": "1997795",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997795"
      },
      {
        "category": "external",
        "summary": "1997801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997801"
      },
      {
        "category": "external",
        "summary": "2030932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0296.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.0 security update",
    "tracking": {
      "current_release_date": "2026-04-02T00:52:37+00:00",
      "generator": {
        "date": "2026-04-02T00:52:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2022:0296",
      "initial_release_date": "2022-01-26T15:52:53+00:00",
      "revision_history": [
        {
          "date": "2022-01-26T15:52:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-01-26T15:52:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-02T00:52:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHPAM 7.12.0",
                "product": {
                  "name": "RHPAM 7.12.0",
                  "product_id": "RHPAM 7.12.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Process Automation Manager"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28491",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-02-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1930423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "RHBZ#1930423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
          "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
        }
      ],
      "release_date": "2021-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ivan Bodrov"
          ]
        },
        {
          "names": [
            "Marc Nuri"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2021-20218",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-02-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1923405"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform 4 (OCP) there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and maybe fixed in a future update.\n\nRed Hat CodeReady WorkSpaces 2.7.0 does not ship fabric8-kubernetes-client and is therefore not affected by this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-20218"
        },
        {
          "category": "external",
          "summary": "RHBZ#1923405",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923405"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-20218"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20218",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20218"
        },
        {
          "category": "external",
          "summary": "https://github.com/fabric8io/kubernetes-client/issues/2715",
          "url": "https://github.com/fabric8io/kubernetes-client/issues/2715"
        }
      ],
      "release_date": "2021-01-12T04:35:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise"
    },
    {
      "cve": "CVE-2021-29505",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-05-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1966735"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: remote command execution attack by manipulating the processed input stream",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\nCodeReady Studio 12 ships a version of xstream that is affected by this flaw as a transitive dependency for the Wise framework plugin. However, the vulnerable code is not called, so this flaw has been marked as Low severity for CodeReady Studio 12.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.12.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-29505"
        },
        {
          "category": "external",
          "summary": "RHBZ#1966735",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966735"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29505",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29505"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29505",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29505"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc"
        },
        {
          "category": "external",
          "summary": "https://x-stream.github.io/CVE-2021-29505.html",
          "url": "https://x-stream.github.io/CVE-2021-29505.html"
        }
      ],
      "release_date": "2021-05-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-26T15:52:53+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.12.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0296"
        },
        {
          "category": "workaround",
          "details": "Depending on the version of XStream used there are various usage patterns that mitigate this flaw, though we would strongly recommend using the allow list approach if at all possible as there are likely more class combinations the deny list approach may not address.\n\nAllow list approach\n```java\nXStream xstream = new XStream();\nXStream.setupDefaultSecurity(xstream);\nxstream.allowTypesByWildcard(new String[] {\"com.misc.classname\"})\n```\nDeny list for XStream 1.4.16 (this should also address some previous flaws found in 1.4.7 - \u003e 1.4.15) \n```java\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.Lazy(?:Search)?Enumeration.*\", \"(?:java|sun)\\\\.rmi\\\\..*\" });\n```\n\nDeny list for XStream 1.4.15\n```java\nxstream.denyTypes(new String[]{ \"sun.awt.datatransfer.DataTransferer$IndexOrderComparator\", \"sun.swing.SwingLazyValue\", \"com.sun.corba.se.impl.activation.ServerTableEntry\", \"com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$ServiceNameIterator\", \"javafx\\\\.collections\\\\.ObservableList\\\\$.*\", \".*\\\\.bcel\\\\..*\\\\.util\\\\.ClassLoader\" });\nxstream.denyTypeHierarchy(java.io.InputStream.class );\nxstream.denyTypeHierarchy(java.nio.channels.Channel.class );\nxstream.denyTypeHierarchy(javax.activation.DataSource.class );\nxstream.denyTypeHierarchy(javax.sql.rowset.BaseRowSet.class );\n```\n\nDeny list for XStream 1.4.13\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\n```\n\nDeny list for XStream 1.4.7 -\u003e 1.4.12\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\n```\n\nDeny list for versions prior to XStream 1.4.7\n```java\nxstream.registerConverter(new Converter() {\n  public boolean canConvert(Class type) {\n    return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || void.class || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || Proxy.isProxy(type));\n  }\n\n  public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n\n  public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n}, XStream.PRIORITY_LOW);\n```",
          "product_ids": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.12.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "XStream: remote command execution attack by manipulating the processed input stream"
    },
    {
      "cve": "CVE-2021-39139",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-08-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1997763"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.Templ

CVE-2021-44228 (GCVE-0-2021-44228)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Details

References

Action not permitted

CVE-2021-44228 (GCVE-0-2021-44228)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solutions

Solutions

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solutions

Solution

Solution

Solution

Solutions

Solution

Solution