Vulnerability-Lookup

CVE-2022-38398 (GCVE-0-2022-38398)

Vulnerability from cvelistv5 – Published: 2022-09-22 00:00 – Updated: 2025-11-03 19:27

Title

Server-Side Request Forgery Information Disclosure Vulnerability

Summary

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

apache

References

4 references

URL	Tags
https://lists.apache.org/thread/712c9xwtmyghyokzr…
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.gentoo.org/glsa/202401-11	vendor-advisory
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache XML Graphics	Affected: Batik 1.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:27:24.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx"
          },
          {
            "name": "[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
          },
          {
            "name": "GLSA-202401-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-11"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache XML Graphics",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Batik 1.14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-07T11:06:23.622Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx"
        },
        {
          "name": "[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
        },
        {
          "name": "GLSA-202401-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-11"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Server-Side Request Forgery Information Disclosure Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-38398",
    "datePublished": "2022-09-22T00:00:00.000Z",
    "dateReserved": "2022-08-18T00:00:00.000Z",
    "dateUpdated": "2025-11-03T19:27:24.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-38398",
      "date": "2026-06-06",
      "epss": "0.00225",
      "percentile": "0.45321"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:batik:1.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F4442FE-A805-4B59-BA99-9E492F793BAB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Batik de Apache XML Graphics permite a un atacante cargar una url mediante el protocolo jar. Este problema afecta a Batik de Apache XML Graphics versi\\u00f3n 1.14\"}]",
      "id": "CVE-2022-38398",
      "lastModified": "2024-11-21T07:16:23.787",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2022-09-22T15:15:09.287",
      "references": "[{\"url\": \"https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-11\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-38398\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-09-22T15:15:09.287\",\"lastModified\":\"2025-11-03T20:15:56.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Batik de Apache XML Graphics permite a un atacante cargar una url mediante el protocolo jar. Este problema afecta a Batik de Apache XML Graphics versi\u00f3n 1.14\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:batik:1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F4442FE-A805-4B59-BA99-9E492F793BAB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-11\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202401-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

SUSE-SU-2024:0777-1

Vulnerability from csaf_suse - Published: 2024-03-06 11:54 - Updated: 2024-03-06 11:54

Summary

Security update for xmlgraphics-batik

Severity

Important

Notes

Title of the patch: Security update for xmlgraphics-batik

Description of the patch: This update for xmlgraphics-batik fixes the following issues: - CVE-2017-5662: Fixed Apache Batik information disclosure vulnerability (bsc#1034675). - CVE-2019-17566: Fixed SSRF vulnerability (bsc#1172961). - CVE-2020-11987: Fixed Apache XML Graphics Batik SSRF vulnerability (bsc#1182748). - CVE-2022-38398: Fixed information disclosure vulnerability (bsc#1203674). - CVE-2022-38648: Fixed information disclosure vulnerability (bsc#1203673). - CVE-2022-40146: Fixed information disclosure vulnerability (bsc#1203672). - CVE-2022-41704: Fixed information disclosure vulnerability in Apache Batik (bsc#1204704). - CVE-2022-42890: Fixed information disclosure vulnerability in Apache Batik (bsc#1204709). - CVE-2022-44729: Fixed Server-Side Request Forgery. - CVE-2022-44730: Fixed Server-Side Request Forgery. Upgrade to version 1.17.

Patchnames: SUSE-2024-777,SUSE-SLE-SDK-12-SP5-2024-777

CVE-2017-5662

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact important

CVE-2019-17566

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2020-11987

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-38398

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-38648

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-40146

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-41704

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-42890

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2022-44729

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact important

CVE-2022-44730

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch		—	Vendor Fix

Threats

Impact moderate

References

40 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1034675	self
https://bugzilla.suse.com/1172961	self
https://bugzilla.suse.com/1182748	self
https://bugzilla.suse.com/1203672	self
https://bugzilla.suse.com/1203673	self
https://bugzilla.suse.com/1203674	self
https://bugzilla.suse.com/1204704	self
https://bugzilla.suse.com/1204709	self
https://www.suse.com/security/cve/CVE-2017-5662/	self
https://www.suse.com/security/cve/CVE-2019-17566/	self
https://www.suse.com/security/cve/CVE-2020-11987/	self
https://www.suse.com/security/cve/CVE-2022-38398/	self
https://www.suse.com/security/cve/CVE-2022-38648/	self
https://www.suse.com/security/cve/CVE-2022-40146/	self
https://www.suse.com/security/cve/CVE-2022-41704/	self
https://www.suse.com/security/cve/CVE-2022-42890/	self
https://www.suse.com/security/cve/CVE-2022-44729/	self
https://www.suse.com/security/cve/CVE-2022-44730/	self
https://www.suse.com/security/cve/CVE-2017-5662	external
https://bugzilla.suse.com/1034675	external
https://www.suse.com/security/cve/CVE-2019-17566	external
https://bugzilla.suse.com/1172961	external
https://www.suse.com/security/cve/CVE-2020-11987	external
https://bugzilla.suse.com/1182748	external
https://www.suse.com/security/cve/CVE-2022-38398	external
https://bugzilla.suse.com/1203674	external
https://www.suse.com/security/cve/CVE-2022-38648	external
https://bugzilla.suse.com/1203673	external
https://www.suse.com/security/cve/CVE-2022-40146	external
https://bugzilla.suse.com/1203672	external
https://www.suse.com/security/cve/CVE-2022-41704	external
https://bugzilla.suse.com/1204704	external
https://www.suse.com/security/cve/CVE-2022-42890	external
https://bugzilla.suse.com/1204709	external
https://www.suse.com/security/cve/CVE-2022-44729	external
https://www.suse.com/security/cve/CVE-2022-44730	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xmlgraphics-batik",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xmlgraphics-batik fixes the following issues:\n\n- CVE-2017-5662: Fixed Apache Batik information disclosure vulnerability (bsc#1034675).\n- CVE-2019-17566: Fixed SSRF vulnerability (bsc#1172961).\n- CVE-2020-11987: Fixed Apache XML Graphics Batik SSRF vulnerability (bsc#1182748).\n- CVE-2022-38398: Fixed information disclosure vulnerability (bsc#1203674).\n- CVE-2022-38648: Fixed information disclosure vulnerability (bsc#1203673).\n- CVE-2022-40146: Fixed information disclosure vulnerability (bsc#1203672).\n- CVE-2022-41704: Fixed information disclosure vulnerability in Apache Batik (bsc#1204704).\n- CVE-2022-42890: Fixed information disclosure vulnerability in Apache Batik (bsc#1204709).\n- CVE-2022-44729: Fixed Server-Side Request Forgery.\n- CVE-2022-44730: Fixed Server-Side Request Forgery.\n\nUpgrade to version 1.17.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-777,SUSE-SLE-SDK-12-SP5-2024-777",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0777-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:0777-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240777-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:0777-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018100.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1034675",
        "url": "https://bugzilla.suse.com/1034675"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172961",
        "url": "https://bugzilla.suse.com/1172961"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182748",
        "url": "https://bugzilla.suse.com/1182748"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203672",
        "url": "https://bugzilla.suse.com/1203672"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203673",
        "url": "https://bugzilla.suse.com/1203673"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203674",
        "url": "https://bugzilla.suse.com/1203674"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204704",
        "url": "https://bugzilla.suse.com/1204704"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204709",
        "url": "https://bugzilla.suse.com/1204709"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5662 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5662/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17566 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17566/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11987 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11987/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-38398 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-38398/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-38648 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-38648/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-40146 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-40146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-41704 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-41704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42890 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-44729 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-44729/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-44730 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-44730/"
      }
    ],
    "title": "Security update for xmlgraphics-batik",
    "tracking": {
      "current_release_date": "2024-03-06T11:54:24Z",
      "generator": {
        "date": "2024-03-06T11:54:24Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:0777-1",
      "initial_release_date": "2024-03-06T11:54:24Z",
      "revision_history": [
        {
          "date": "2024-03-06T11:54:24Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-demo-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-demo-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-demo-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-javadoc-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-javadoc-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-javadoc-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-rasterizer-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-rasterizer-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-rasterizer-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-slideshow-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-slideshow-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-slideshow-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-squiggle-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-squiggle-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-squiggle-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-svgpp-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-svgpp-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-svgpp-1.17-2.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "xmlgraphics-batik-ttf2svg-1.17-2.7.1.noarch",
                "product": {
                  "name": "xmlgraphics-batik-ttf2svg-1.17-2.7.1.noarch",
                  "product_id": "xmlgraphics-batik-ttf2svg-1.17-2.7.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xmlgraphics-batik-1.17-2.7.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        },
        "product_reference": "xmlgraphics-batik-1.17-2.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5662",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5662"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5662",
          "url": "https://www.suse.com/security/cve/CVE-2017-5662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034675 for CVE-2017-5662",
          "url": "https://bugzilla.suse.com/1034675"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5662"
    },
    {
      "cve": "CVE-2019-17566",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17566"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17566",
          "url": "https://www.suse.com/security/cve/CVE-2019-17566"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172961 for CVE-2019-17566",
          "url": "https://bugzilla.suse.com/1172961"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17566"
    },
    {
      "cve": "CVE-2020-11987",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11987"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11987",
          "url": "https://www.suse.com/security/cve/CVE-2020-11987"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182748 for CVE-2020-11987",
          "url": "https://bugzilla.suse.com/1182748"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-11987"
    },
    {
      "cve": "CVE-2022-38398",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-38398"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-38398",
          "url": "https://www.suse.com/security/cve/CVE-2022-38398"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203674 for CVE-2022-38398",
          "url": "https://bugzilla.suse.com/1203674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-38398"
    },
    {
      "cve": "CVE-2022-38648",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-38648"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-38648",
          "url": "https://www.suse.com/security/cve/CVE-2022-38648"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203673 for CVE-2022-38648",
          "url": "https://bugzilla.suse.com/1203673"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-38648"
    },
    {
      "cve": "CVE-2022-40146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-40146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-40146",
          "url": "https://www.suse.com/security/cve/CVE-2022-40146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203672 for CVE-2022-40146",
          "url": "https://bugzilla.suse.com/1203672"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-40146"
    },
    {
      "cve": "CVE-2022-41704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-41704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-41704",
          "url": "https://www.suse.com/security/cve/CVE-2022-41704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204704 for CVE-2022-41704",
          "url": "https://bugzilla.suse.com/1204704"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-41704"
    },
    {
      "cve": "CVE-2022-42890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42890",
          "url": "https://www.suse.com/security/cve/CVE-2022-42890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204709 for CVE-2022-42890",
          "url": "https://bugzilla.suse.com/1204709"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-44729",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-44729"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nOn version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-44729",
          "url": "https://www.suse.com/security/cve/CVE-2022-44729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-44729"
    },
    {
      "cve": "CVE-2022-44730",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-44730"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nA malicious SVG can probe user profile / data and send it directly as parameter to a URL.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-44730",
          "url": "https://www.suse.com/security/cve/CVE-2022-44730"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-06T11:54:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-44730"
    }
  ]
}

WID-SEC-W-2023-0881

Vulnerability from csaf_certbund - Published: 2023-04-05 22:00 - Updated: 2023-04-05 22:00

Summary

IBM Maximo Asset Management: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support für Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Maximo Asset Management ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2022-40146

Es bestehen mehrere Schwachstellen in IBM Maximo Asset Management. Die verwendete "Apache Batik"-Komponente ist anfällig für serverseitige Request Forgery-Angriffe. Ein Angreifer kann dies ausnutzen, indem er speziell gestaltete Anfragen an eine betroffene Installation sendet, um Informationen offenzulegen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM Maximo Asset Management 7.6.1.3 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1.3`	—
IBM Maximo Asset Management 7.6.1.2 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1.2`	—

CVE-2022-38648

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM Maximo Asset Management 7.6.1.3 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1.3`	—
IBM Maximo Asset Management 7.6.1.2 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1.2`	—

CVE-2022-38398

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
IBM Maximo Asset Management 7.6.1.3 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1.3`	—
IBM Maximo Asset Management 7.6.1.2 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1.2`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/6981109	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support f\u00fcr Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Maximo Asset Management ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0881 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0881.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0881 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0881"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6981109 vom 2023-04-05",
        "url": "https://www.ibm.com/support/pages/node/6981109"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Maximo Asset Management: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2023-04-05T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:48:16.512+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0881",
      "initial_release_date": "2023-04-05T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-05T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Maximo Asset Management 7.6.1.3",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.1.3",
                  "product_id": "1234217",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Maximo Asset Management 7.6.1.2",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.1.2",
                  "product_id": "T027067",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Maximo Asset Management"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-40146",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM Maximo Asset Management. Die verwendete \"Apache Batik\"-Komponente ist anf\u00e4llig f\u00fcr serverseitige Request Forgery-Angriffe. Ein Angreifer kann dies ausnutzen, indem er speziell gestaltete Anfragen an eine betroffene Installation sendet, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1234217",
          "T027067"
        ]
      },
      "release_date": "2023-04-05T22:00:00.000+00:00",
      "title": "CVE-2022-40146"
    },
    {
      "cve": "CVE-2022-38648",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM Maximo Asset Management. Die verwendete \"Apache Batik\"-Komponente ist anf\u00e4llig f\u00fcr serverseitige Request Forgery-Angriffe. Ein Angreifer kann dies ausnutzen, indem er speziell gestaltete Anfragen an eine betroffene Installation sendet, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1234217",
          "T027067"
        ]
      },
      "release_date": "2023-04-05T22:00:00.000+00:00",
      "title": "CVE-2022-38648"
    },
    {
      "cve": "CVE-2022-38398",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM Maximo Asset Management. Die verwendete \"Apache Batik\"-Komponente ist anf\u00e4llig f\u00fcr serverseitige Request Forgery-Angriffe. Ein Angreifer kann dies ausnutzen, indem er speziell gestaltete Anfragen an eine betroffene Installation sendet, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1234217",
          "T027067"
        ]
      },
      "release_date": "2023-04-05T22:00:00.000+00:00",
      "title": "CVE-2022-38398"
    }
  ]
}

WID-SEC-W-2023-1142

Vulnerability from csaf_certbund - Published: 2023-05-03 22:00 - Updated: 2025-06-09 22:00

Summary

Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.

Betroffene Betriebssysteme: - Linux

CVE-2021-37533

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-25857

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-31777

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-33681

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-37865

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-37866

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38398

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38648

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38749

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38750

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38751

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-38752

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-39368

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40146

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40150

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40151

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40152

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-40156

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41704

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41852

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41853

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41854

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41881

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-41966

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-42003

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-42004

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-42890

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2022-4492

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-1370

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-1436

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-20860

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-20861

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-20863

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-22602

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

CVE-2023-24998

Affected products

Known affected 9 products

Product	Identifier	Version
Red Hat OpenShift Application Runtimes Red Hat / OpenShift	`cpe:/a:redhat:openshift:application_runtimes`	Application Runtimes
Red Hat Enterprise Linux Apache Camel 1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_1`	Apache Camel 1
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1 Red Hat / Enterprise Linux		Integration Camel for Spring Boot <3.20.1
Red Hat OpenShift Container Platform <4.10.62 Red Hat / OpenShift		Container Platform <4.10.62
Dell NetWorker Dell	`cpe:/a:dell:networker:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Integration Red Hat / Integration	`cpe:/a:redhat:integration:-`	—
Red Hat Integration Camel Extensions for Quarkus 1 Red Hat / Integration	`cpe:/a:redhat:integration:camel_extensions_for_quarkus_1`	Camel Extensions for Quarkus 1

References

30 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2023:2100	external
https://access.redhat.com/errata/RHSA-2023:3179	external
https://access.redhat.com/errata/RHSA-2023:3193	external
https://access.redhat.com/errata/RHSA-2023:3622	external
https://access.redhat.com/errata/RHSA-2023:3667	external
https://access.redhat.com/errata/RHSA-2023:3626	external
https://access.redhat.com/errata/RHSA-2023:3625	external
https://access.redhat.com/errata/RHSA-2023:3906	external
https://access.redhat.com/errata/RHSA-2023:3954	external
https://alas.aws.amazon.com/AL2/ALAS-2023-2165.html	external
https://access.redhat.com/errata/RHSA-2023:4506	external
https://access.redhat.com/errata/RHSA-2023:4507	external
https://access.redhat.com/errata/RHSA-2023:4505	external
https://access.redhat.com/errata/RHSA-2023:4509	external
https://access.redhat.com/errata/RHSA-2023:4612	external
https://access.redhat.com/errata/RHSA-2023:4919	external
https://access.redhat.com/errata/RHSA-2023:4921	external
https://access.redhat.com/errata/RHSA-2023:4924	external
https://access.redhat.com/errata/RHSA-2023:4918	external
https://access.redhat.com/errata/RHSA-2023:4920	external
https://access.redhat.com/errata/RHSA-2023:7670	external
https://www.dell.com/support/kbdoc/000220649/dsa-2023-=	external
https://www.dell.com/support/kbdoc/000220669/dsa-2023-=	external
https://alas.aws.amazon.com/ALAS-2024-1910.html	external
https://access.redhat.com/errata/RHSA-2024:1027	external
https://access.redhat.com/errata/RHSA-2025:3541	external
https://access.redhat.com/errata/RHSA-2025:3543	external
https://access.redhat.com/errata/RHSA-2025:8761	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1142 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1142.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1142 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1142"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2023-05-03",
        "url": "https://access.redhat.com/errata/RHSA-2023:2100"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3179 vom 2023-05-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:3179"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3193 vom 2023-05-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:3193"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:3622"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3667 vom 2023-06-19",
        "url": "https://access.redhat.com/errata/RHSA-2023:3667"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3626 vom 2023-06-23",
        "url": "https://access.redhat.com/errata/RHSA-2023:3626"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3625 vom 2023-06-23",
        "url": "https://access.redhat.com/errata/RHSA-2023:3625"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3906 vom 2023-06-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:3906"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29",
        "url": "https://access.redhat.com/errata/RHSA-2023:3954"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2023-2165 vom 2023-07-26",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2165.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4506 vom 2023-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:4506"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4507 vom 2023-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:4507"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4505 vom 2023-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:4505"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4509 vom 2023-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:4509"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4612 vom 2023-08-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:4612"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4919 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4919"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4921 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4921"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4924 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4924"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4918 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4918"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4920 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4920"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7670 vom 2023-12-06",
        "url": "https://access.redhat.com/errata/RHSA-2023:7670"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-300 vom 2023-12-22",
        "url": "https://www.dell.com/support/kbdoc/000220649/dsa-2023-="
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
        "url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-1910 vom 2024-01-23",
        "url": "https://alas.aws.amazon.com/ALAS-2024-1910.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2024:1027"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3541 vom 2025-04-02",
        "url": "https://access.redhat.com/errata/RHSA-2025:3541"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3543 vom 2025-04-02",
        "url": "https://access.redhat.com/errata/RHSA-2025:3543"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:8761 vom 2025-06-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:8761"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-10T11:09:16.733+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2023-1142",
      "initial_release_date": "2023-05-03T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-05-03T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-05-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-15T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-19T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-25T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-07-25T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-08-07T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-16T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-31T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-06T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-21T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2023-12-26T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-01-22T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-02-28T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-04-02T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-06-09T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "18"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell NetWorker",
            "product": {
              "name": "Dell NetWorker",
              "product_id": "T024663",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Integration Camel for Spring Boot \u003c3.20.1",
                "product": {
                  "name": "Red Hat Enterprise Linux Integration Camel for Spring Boot \u003c3.20.1",
                  "product_id": "T027614"
                }
              },
              {
                "category": "product_version",
                "name": "Integration Camel for Spring Boot 3.20.1",
                "product": {
                  "name": "Red Hat Enterprise Linux Integration Camel for Spring Boot 3.20.1",
                  "product_id": "T027614-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:integration_camel_for_spring_boot__3.20.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Apache Camel 1",
                "product": {
                  "name": "Red Hat Enterprise Linux Apache Camel 1",
                  "product_id": "T044468",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Camel Extensions for Quarkus 1",
                "product": {
                  "name": "Red Hat Integration Camel Extensions for Quarkus 1",
                  "product_id": "T026453",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Integration",
                "product": {
                  "name": "Red Hat Integration",
                  "product_id": "T033960",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:integration:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Integration"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.10.62",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.10.62",
                  "product_id": "T028308"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.10.62",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.10.62",
                  "product_id": "T028308-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.10.62"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Application Runtimes",
                "product": {
                  "name": "Red Hat OpenShift Application Runtimes",
                  "product_id": "T029341",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:application_runtimes"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-37533",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2022-25857",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-25857"
    },
    {
      "cve": "CVE-2022-31777",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-31777"
    },
    {
      "cve": "CVE-2022-33681",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-33681"
    },
    {
      "cve": "CVE-2022-37865",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-37865"
    },
    {
      "cve": "CVE-2022-37866",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-37866"
    },
    {
      "cve": "CVE-2022-38398",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38398"
    },
    {
      "cve": "CVE-2022-38648",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38648"
    },
    {
      "cve": "CVE-2022-38749",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38749"
    },
    {
      "cve": "CVE-2022-38750",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38750"
    },
    {
      "cve": "CVE-2022-38751",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38751"
    },
    {
      "cve": "CVE-2022-38752",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-38752"
    },
    {
      "cve": "CVE-2022-39368",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-39368"
    },
    {
      "cve": "CVE-2022-40146",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40146"
    },
    {
      "cve": "CVE-2022-40150",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2022-40151",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40151"
    },
    {
      "cve": "CVE-2022-40152",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-40156",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-40156"
    },
    {
      "cve": "CVE-2022-41704",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41704"
    },
    {
      "cve": "CVE-2022-41852",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41852"
    },
    {
      "cve": "CVE-2022-41853",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41853"
    },
    {
      "cve": "CVE-2022-41854",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41854"
    },
    {
      "cve": "CVE-2022-41881",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41881"
    },
    {
      "cve": "CVE-2022-41966",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-42003",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-42004",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42890",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-4492",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2022-4492"
    },
    {
      "cve": "CVE-2023-1370",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-1436",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-1436"
    },
    {
      "cve": "CVE-2023-20860",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-20860"
    },
    {
      "cve": "CVE-2023-20861",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-20861"
    },
    {
      "cve": "CVE-2023-20863",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-22602",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-22602"
    },
    {
      "cve": "CVE-2023-24998",
      "product_status": {
        "known_affected": [
          "T029341",
          "T044468",
          "67646",
          "T027614",
          "T028308",
          "T024663",
          "398363",
          "T033960",
          "T026453"
        ]
      },
      "release_date": "2023-05-03T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-38398 (GCVE-0-2022-38398)

SUSE-SU-2024:0777-1

WID-SEC-W-2023-0881

WID-SEC-W-2023-1142

Tags

Sightings

Nomenclature