Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-38749 (GCVE-0-2022-38749)
Vulnerability from cvelistv5 – Published: 2022-09-05 00:00 – Updated: 2024-08-03 11:02
VLAI
EPSS
Title
DoS in SnakeYAML
Summary
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Severity
6.5 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SnakeYAML",
"vendor": "snakeyaml",
"versions": [
{
"lessThan": "1.31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:05:59.112Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DoS in SnakeYAML",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-38749",
"datePublished": "2022-09-05T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T11:02:14.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-38749",
"date": "2026-06-12",
"epss": "0.00533",
"percentile": "0.67913"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.31\", \"matchCriteriaId\": \"4911A85B-287B-4900-8ACE-5BA60949D7BE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\"}, {\"lang\": \"es\", \"value\": \"El uso de snakeYAML para analizar archivos YAML no confiables puede ser vulnerable a ataques de Denegaci\\u00f3n de Servicio (DOS). Si el analizador es ejecutado en la entrada suministrada por el usuario, un atacante puede suministrar el contenido que hace que el analizador sea bloqueado por stackoverflow\"}]",
"id": "CVE-2022-38749",
"lastModified": "2024-11-21T07:17:01.060",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@google.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
"published": "2022-09-05T10:15:09.673",
"references": "[{\"url\": \"https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open\", \"source\": \"cve-coordination@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024\", \"source\": \"cve-coordination@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html\", \"source\": \"cve-coordination@google.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-28\", \"source\": \"cve-coordination@google.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240315-0010/\", \"source\": \"cve-coordination@google.com\"}, {\"url\": \"https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-28\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240315-0010/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cve-coordination@google.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-38749\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2022-09-05T10:15:09.673\",\"lastModified\":\"2024-11-21T07:17:01.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\"},{\"lang\":\"es\",\"value\":\"El uso de snakeYAML para analizar archivos YAML no confiables puede ser vulnerable a ataques de Denegaci\u00f3n de Servicio (DOS). Si el analizador es ejecutado en la entrada suministrada por el usuario, un atacante puede suministrar el contenido que hace que el analizador sea bloqueado por stackoverflow\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.31\",\"matchCriteriaId\":\"4911A85B-287B-4900-8ACE-5BA60949D7BE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-28\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240315-0010/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240315-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2023_7697
Vulnerability from csaf_redhat - Published: 2023-12-07 13:41 - Updated: 2024-12-17 23:02Summary
Red Hat Security Advisory: AMQ Clients 2023.Q4
Severity
Moderate
Notes
Topic: An update is now available for Red Hat AMQ Clients
Red Hat Product Security has rated this update as having an impact of
Moderate.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed
severity rating, is available for each vulnerability from the CVE link(s) in the
References section.
Details: Each Red Hat AMQ Client enables sending, and receiving messages to or from AMQ Broker 7.
This update provides various bug fixes and enhancements in addition to the
client package versions previously released on Red Hat Enterprise Linux 8
and 9.
Security Fix(es):
* (CVE-2023-34050) springframework-amqp: Deserialization Vulnerability
* (CVE-2023-34462) netty: SniHandler 16MB allocation leads to OOM
* (CVE-2023-40167) jetty: Improper validation of HTTP/1 content-length
* (CVE-2022-1471) SnakeYaml: Constructor Deserialization Remote Code Execution
* (CVE-2022-25857) snakeyaml: Denial of Service due to missing nested depth limitation for collections
* (CVE-2022-38749) snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
* (CVE-2022-41854) dev-java/snakeyaml: DoS via stack overflow
* (CVE-2023-1370) json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMQ Clients
Red Hat / Red Hat AMQ Clients
|
cpe:/a:redhat:amq_clients:2023_q4
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMQ Clients
Red Hat / Red Hat AMQ Clients
|
cpe:/a:redhat:amq_clients:2023_q4
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMQ Clients
Red Hat / Red Hat AMQ Clients
|
cpe:/a:redhat:amq_clients:2023_q4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMQ Clients
Red Hat / Red Hat AMQ Clients
|
cpe:/a:redhat:amq_clients:2023_q4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMQ Clients
Red Hat / Red Hat AMQ Clients
|
cpe:/a:redhat:amq_clients:2023_q4
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Spring Framework AMQP. An allowed list exists in Spring AMQP, but when no allowed list is provided, all classes could be deserialized, allowing a malicious user to send harmful content to the broker.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMQ Clients
Red Hat / Red Hat AMQ Clients
|
cpe:/a:redhat:amq_clients:2023_q4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMQ Clients
Red Hat / Red Hat AMQ Clients
|
cpe:/a:redhat:amq_clients:2023_q4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMQ Clients
Red Hat / Red Hat AMQ Clients
|
cpe:/a:redhat:amq_clients:2023_q4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
56 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat AMQ Clients\n\nRed Hat Product Security has rated this update as having an impact of\nModerate.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed\nseverity rating, is available for each vulnerability from the CVE link(s) in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Each Red Hat AMQ Client enables sending, and receiving messages to or from AMQ Broker 7.\n\nThis update provides various bug fixes and enhancements in addition to the\nclient package versions previously released on Red Hat Enterprise Linux 8\nand 9.\n\nSecurity Fix(es):\n\n* (CVE-2023-34050) springframework-amqp: Deserialization Vulnerability\n* (CVE-2023-34462) netty: SniHandler 16MB allocation leads to OOM\n* (CVE-2023-40167) jetty: Improper validation of HTTP/1 content-length\n* (CVE-2022-1471) SnakeYaml: Constructor Deserialization Remote Code Execution\n* (CVE-2022-25857) snakeyaml: Denial of Service due to missing nested depth limitation for collections\n* (CVE-2022-38749) snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode\n* (CVE-2022-41854) dev-java/snakeyaml: DoS via stack overflow\n* (CVE-2023-1370) json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7697",
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.clients\u0026version=2023.Q4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.clients\u0026version=2023.Q4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_clients/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_clients/"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2216888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
},
{
"category": "external",
"summary": "2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "2246065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246065"
},
{
"category": "external",
"summary": "ENTMQCL-1291",
"url": "https://issues.redhat.com/browse/ENTMQCL-1291"
},
{
"category": "external",
"summary": "ENTMQCL-1517",
"url": "https://issues.redhat.com/browse/ENTMQCL-1517"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7697.json"
}
],
"title": "Red Hat Security Advisory: AMQ Clients 2023.Q4",
"tracking": {
"current_release_date": "2024-12-17T23:02:29+00:00",
"generator": {
"date": "2024-12-17T23:02:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:7697",
"initial_release_date": "2023-12-07T13:41:55+00:00",
"revision_history": [
{
"date": "2023-12-07T13:41:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-07T13:41:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T23:02:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AMQ Clients",
"product": {
"name": "AMQ Clients",
"product_id": "AMQ Clients",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_clients:2023_q4"
}
}
}
],
"category": "product_family",
"name": "Red Hat AMQ Clients"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1471",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150009"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Clients"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1471"
},
{
"category": "external",
"summary": "RHBZ#2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-07T13:41:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AMQ Clients"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AMQ Clients"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Clients"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-07T13:41:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AMQ Clients"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AMQ Clients"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Clients"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-07T13:41:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AMQ Clients"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AMQ Clients"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Clients"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-07T13:41:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AMQ Clients"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AMQ Clients"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Clients"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-07T13:41:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AMQ Clients"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AMQ Clients"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-34050",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246065"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework AMQP. An allowed list exists in Spring AMQP, but when no allowed list is provided, all classes could be deserialized, allowing a malicious user to send harmful content to the broker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework-amqp: Deserialization Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw requires previous knowledge and access to the messages in order to get them deserialized and possibly leak information. It also requires missing server side configurations to prevent unwanted behavior. Therefore, this is rated as a Moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Clients"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-34050"
},
{
"category": "external",
"summary": "RHBZ#2246065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246065"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-34050",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34050"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34050",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34050"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2023-34050",
"url": "https://spring.io/security/cve-2023-34050"
}
],
"release_date": "2023-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-07T13:41:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AMQ Clients"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
},
{
"category": "workaround",
"details": "An application may be vulnerable if:\n- The SimpleMessageConverter or SerializerMessageConverter is used \n- The user does not configure allowed list patterns \n- Untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content\n\nMake sure these are avoided in order to mitigate the issue.",
"product_ids": [
"AMQ Clients"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AMQ Clients"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework-amqp: Deserialization Vulnerability"
},
{
"cve": "CVE-2023-34462",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: SniHandler 16MB allocation leads to OOM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Clients"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-34462"
},
{
"category": "external",
"summary": "RHBZ#2216888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
}
],
"release_date": "2023-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-07T13:41:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AMQ Clients"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
},
{
"category": "workaround",
"details": "Configuration of SniHandler with an idle timeout will mitigate this issue.",
"product_ids": [
"AMQ Clients"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AMQ Clients"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: SniHandler 16MB allocation leads to OOM"
},
{
"cve": "CVE-2023-40167",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper validation of HTTP/1 content-length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Clients"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40167"
},
{
"category": "external",
"summary": "RHBZ#2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-07T13:41:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AMQ Clients"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AMQ Clients"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Improper validation of HTTP/1 content-length"
}
]
}
SUSE-SU-2022:3397-1
Vulnerability from csaf_suse - Published: 2022-09-26 14:39 - Updated: 2022-09-26 14:39Summary
Security update for snakeyaml
Severity
Important
Notes
Title of the patch: Security update for snakeyaml
Description of the patch: This update for snakeyaml fixes the following issues:
- CVE-2022-38750: Fixed uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (bsc#1203158).
- CVE-2022-38749: Fixed StackOverflowError for many open unmatched brackets (bsc#1203149).
- CVE-2022-38752: Fixed uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154).
- CVE-2022-38751: Fixed unrestricted data matched with Regular Expressions (bsc#1203153).
- CVE-2022-25857: Fixed denial of service vulnerability due missing to nested depth limitation for collections (bsc#1202932).
Patchnames: SUSE-2022-3397,SUSE-SLE-Module-Development-Tools-15-SP3-2022-3397,SUSE-SLE-Module-Development-Tools-15-SP4-2022-3397,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3397,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3397,openSUSE-SLE-15.3-2022-3397,openSUSE-SLE-15.4-2022-3397
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for snakeyaml",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for snakeyaml fixes the following issues:\n\n- CVE-2022-38750: Fixed uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (bsc#1203158).\n- CVE-2022-38749: Fixed StackOverflowError for many open unmatched brackets (bsc#1203149).\n- CVE-2022-38752: Fixed uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154).\n- CVE-2022-38751: Fixed unrestricted data matched with Regular Expressions (bsc#1203153).\n- CVE-2022-25857: Fixed denial of service vulnerability due missing to nested depth limitation for collections (bsc#1202932).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3397,SUSE-SLE-Module-Development-Tools-15-SP3-2022-3397,SUSE-SLE-Module-Development-Tools-15-SP4-2022-3397,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3397,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3397,openSUSE-SLE-15.3-2022-3397,openSUSE-SLE-15.4-2022-3397",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3397-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3397-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223397-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3397-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012382.html"
},
{
"category": "self",
"summary": "SUSE Bug 1202932",
"url": "https://bugzilla.suse.com/1202932"
},
{
"category": "self",
"summary": "SUSE Bug 1203149",
"url": "https://bugzilla.suse.com/1203149"
},
{
"category": "self",
"summary": "SUSE Bug 1203153",
"url": "https://bugzilla.suse.com/1203153"
},
{
"category": "self",
"summary": "SUSE Bug 1203154",
"url": "https://bugzilla.suse.com/1203154"
},
{
"category": "self",
"summary": "SUSE Bug 1203158",
"url": "https://bugzilla.suse.com/1203158"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13936 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25857 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38749 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38750 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38751 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38752 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38752/"
}
],
"title": "Security update for snakeyaml",
"tracking": {
"current_release_date": "2022-09-26T14:39:22Z",
"generator": {
"date": "2022-09-26T14:39:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3397-1",
"initial_release_date": "2022-09-26T14:39:22Z",
"revision_history": [
{
"date": "2022-09-26T14:39:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "snakeyaml-1.31-150200.3.8.1.noarch",
"product": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch",
"product_id": "snakeyaml-1.31-150200.3.8.1.noarch"
}
},
{
"category": "product_version",
"name": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"product": {
"name": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"product_id": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.2",
"product": {
"name": "SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.3",
"product": {
"name": "SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.3.8.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
},
"product_reference": "snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13936"
}
],
"notes": [
{
"category": "general",
"text": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13936",
"url": "https://www.suse.com/security/cve/CVE-2020-13936"
},
{
"category": "external",
"summary": "SUSE Bug 1183360 for CVE-2020-13936",
"url": "https://bugzilla.suse.com/1183360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2020-13936"
},
{
"cve": "CVE-2022-25857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25857"
}
],
"notes": [
{
"category": "general",
"text": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25857",
"url": "https://www.suse.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "SUSE Bug 1202932 for CVE-2022-25857",
"url": "https://bugzilla.suse.com/1202932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "moderate"
}
],
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-38749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38749"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38749",
"url": "https://www.suse.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "SUSE Bug 1203149 for CVE-2022-38749",
"url": "https://bugzilla.suse.com/1203149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38750"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38750",
"url": "https://www.suse.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "SUSE Bug 1203158 for CVE-2022-38750",
"url": "https://bugzilla.suse.com/1203158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38751"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38751",
"url": "https://www.suse.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "SUSE Bug 1203153 for CVE-2022-38751",
"url": "https://bugzilla.suse.com/1203153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38752"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38752",
"url": "https://www.suse.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "SUSE Bug 1203154 for CVE-2022-38752",
"url": "https://bugzilla.suse.com/1203154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.2:snakeyaml-1.31-150200.3.8.1.noarch",
"SUSE Manager Server Module 4.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.3:snakeyaml-javadoc-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-1.31-150200.3.8.1.noarch",
"openSUSE Leap 15.4:snakeyaml-javadoc-1.31-150200.3.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-26T14:39:22Z",
"details": "important"
}
],
"title": "CVE-2022-38752"
}
]
}
SUSE-SU-2022:3560-1
Vulnerability from csaf_suse - Published: 2022-10-11 07:43 - Updated: 2022-10-11 07:43Summary
Security update for snakeyaml
Severity
Important
Notes
Title of the patch: Security update for snakeyaml
Description of the patch: This update for snakeyaml fixes the following issues:
snakeyaml was upgraded to version 1.31:
- CVE-2022-25857: Fixed DoS due missing to nested depth limitation for collections (bsc#1202932).
- CVE-2022-38749: Fixed DoS due to stack overflow in parser (bsc#1202932).
- CVE-2022-38751: Fixed DoS due to parsing of untrusted yaml files (bsc#1203153).
- CVE-2022-38752: Fixed DoS due to stack overflow in parser (bsc#1203154).
- CVE-2022-38750: Fixed DoS due to parsing of untrusted yaml files (bsc#1203158).
- CVE-2020-13936: Fixed arbitrary code execution when attacker is able to modify templates (bsc#1183360).
Patchnames: SUSE-2022-3560,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3560
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for snakeyaml",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for snakeyaml fixes the following issues:\n\n snakeyaml was upgraded to version 1.31:\n\n - CVE-2022-25857: Fixed DoS due missing to nested depth limitation for collections (bsc#1202932).\n - CVE-2022-38749: Fixed DoS due to stack overflow in parser (bsc#1202932).\n - CVE-2022-38751: Fixed DoS due to parsing of untrusted yaml files (bsc#1203153).\n - CVE-2022-38752: Fixed DoS due to stack overflow in parser (bsc#1203154).\n - CVE-2022-38750: Fixed DoS due to parsing of untrusted yaml files (bsc#1203158).\n - CVE-2020-13936: Fixed arbitrary code execution when attacker is able to modify templates (bsc#1183360).\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3560,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3560",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3560-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3560-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223560-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3560-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012531.html"
},
{
"category": "self",
"summary": "SUSE Bug 1183360",
"url": "https://bugzilla.suse.com/1183360"
},
{
"category": "self",
"summary": "SUSE Bug 1202932",
"url": "https://bugzilla.suse.com/1202932"
},
{
"category": "self",
"summary": "SUSE Bug 1203149",
"url": "https://bugzilla.suse.com/1203149"
},
{
"category": "self",
"summary": "SUSE Bug 1203153",
"url": "https://bugzilla.suse.com/1203153"
},
{
"category": "self",
"summary": "SUSE Bug 1203154",
"url": "https://bugzilla.suse.com/1203154"
},
{
"category": "self",
"summary": "SUSE Bug 1203158",
"url": "https://bugzilla.suse.com/1203158"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13936 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25857 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38749 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38750 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38751 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38752 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38752/"
}
],
"title": "Security update for snakeyaml",
"tracking": {
"current_release_date": "2022-10-11T07:43:48Z",
"generator": {
"date": "2022-10-11T07:43:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3560-1",
"initial_release_date": "2022-10-11T07:43:48Z",
"revision_history": [
{
"date": "2022-10-11T07:43:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "snakeyaml-1.31-150200.12.6.1.noarch",
"product": {
"name": "snakeyaml-1.31-150200.12.6.1.noarch",
"product_id": "snakeyaml-1.31-150200.12.6.1.noarch"
}
},
{
"category": "product_version",
"name": "snakeyaml-javadoc-1.31-150200.12.6.1.noarch",
"product": {
"name": "snakeyaml-javadoc-1.31-150200.12.6.1.noarch",
"product_id": "snakeyaml-javadoc-1.31-150200.12.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.1",
"product": {
"name": "SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "snakeyaml-1.31-150200.12.6.1.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
},
"product_reference": "snakeyaml-1.31-150200.12.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13936"
}
],
"notes": [
{
"category": "general",
"text": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13936",
"url": "https://www.suse.com/security/cve/CVE-2020-13936"
},
{
"category": "external",
"summary": "SUSE Bug 1183360 for CVE-2020-13936",
"url": "https://bugzilla.suse.com/1183360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2020-13936"
},
{
"cve": "CVE-2022-25857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25857"
}
],
"notes": [
{
"category": "general",
"text": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25857",
"url": "https://www.suse.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "SUSE Bug 1202932 for CVE-2022-25857",
"url": "https://bugzilla.suse.com/1202932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "moderate"
}
],
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-38749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38749"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38749",
"url": "https://www.suse.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "SUSE Bug 1203149 for CVE-2022-38749",
"url": "https://bugzilla.suse.com/1203149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38750"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38750",
"url": "https://www.suse.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "SUSE Bug 1203158 for CVE-2022-38750",
"url": "https://bugzilla.suse.com/1203158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38751"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38751",
"url": "https://www.suse.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "SUSE Bug 1203153 for CVE-2022-38751",
"url": "https://bugzilla.suse.com/1203153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38752"
}
],
"notes": [
{
"category": "general",
"text": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38752",
"url": "https://www.suse.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "SUSE Bug 1203154 for CVE-2022-38752",
"url": "https://bugzilla.suse.com/1203154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:snakeyaml-1.31-150200.12.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-11T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2022-38752"
}
]
}
WID-SEC-W-2022-1635
Vulnerability from csaf_certbund - Published: 2022-10-05 22:00 - Updated: 2025-04-27 22:00Summary
Red Hat OpenShift und Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift build of Eclipse Vert.x und Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
8.1 | |
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
IBM TXSeries 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
8.2 | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
IBM TXSeries 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
9.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift build of Eclipse Vert.x <4.3.
Red Hat / OpenShift
|
build of Eclipse Vert.x <4.3. | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat JBoss A-MQ Clients 3
Red Hat / JBoss A-MQ
|
cpe:/a:redhat:jboss_amq:clients_3
|
Clients 3 |
References
30 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift build of Eclipse Vert.x und Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1635 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1635.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1635 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1635"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6757"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6820"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6835 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6835"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6820 vom 2022-10-07",
"url": "http://linux.oracle.com/errata/ELSA-2022-6820.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6832094 vom 2022-10-27",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-denial-of-service-due-to-graphql-java-cve-2022-37734/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8524 vom 2022-11-17",
"url": "https://access.redhat.com/errata/RHSA-2022:8524"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8876 vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:9023 vom 2022-12-14",
"url": "https://access.redhat.com/errata/RHSA-2022:9023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0189 vom 2023-01-17",
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856687 vom 2023-01-20",
"url": "https://www.ibm.com/support/pages/node/6856687"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0560 vom 2023-02-08",
"url": "https://access.redhat.com/errata/RHSA-2023:0560"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1044"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1513 vom 2023-03-30",
"url": "https://access.redhat.com/errata/RHSA-2023:1513"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1514 vom 2023-03-30",
"url": "https://access.redhat.com/errata/RHSA-2023:1514"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1512 vom 2023-03-30",
"url": "https://access.redhat.com/errata/RHSA-2023:1512"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3641 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7697 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7697"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-300 vom 2023-12-22",
"url": "https://www.dell.com/support/kbdoc/000220649/dsa-2023-="
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2403 vom 2024-01-10",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2403.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0777 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0776 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0776"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4226 vom 2025-04-28",
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift und Red Hat Enterprise Linux: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-04-27T22:00:00.000+00:00",
"generator": {
"date": "2025-04-28T08:14:06.844+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-1635",
"initial_release_date": "2022-10-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-28T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-14T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-22T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-08T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-01T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-29T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-07T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-21T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-01-09T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-02-11T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9.1",
"product": {
"name": "IBM TXSeries 9.1",
"product_id": "T015903",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_9.1"
}
}
},
{
"category": "product_version",
"name": "8.2",
"product": {
"name": "IBM TXSeries 8.2",
"product_id": "T015904",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.2"
}
}
},
{
"category": "product_version",
"name": "8.1",
"product": {
"name": "IBM TXSeries 8.1",
"product_id": "T015905",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.1"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
},
{
"category": "product_name",
"name": "IBM WebSphere Application Server",
"product": {
"name": "IBM WebSphere Application Server",
"product_id": "5198",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T014111",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Clients 3",
"product": {
"name": "Red Hat JBoss A-MQ Clients 3",
"product_id": "T031509",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:clients_3"
}
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "build of Eclipse Vert.x \u003c4.3.",
"product": {
"name": "Red Hat OpenShift build of Eclipse Vert.x \u003c4.3.",
"product_id": "T024811"
}
},
{
"category": "product_version",
"name": "build of Eclipse Vert.x 4.3.",
"product": {
"name": "Red Hat OpenShift build of Eclipse Vert.x 4.3.",
"product_id": "T024811-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:build_of_eclipse_vert.x__4.3."
}
}
},
{
"category": "product_version",
"name": "container platform 4.0.51",
"product": {
"name": "Red Hat OpenShift container platform 4.0.51",
"product_id": "T026183",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.0.51"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25857",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-37734",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-37734"
},
{
"cve": "CVE-2022-38749",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"product_status": {
"known_affected": [
"T015905",
"T026183",
"T015904",
"5198",
"T015903",
"67646",
"T024811",
"T024663",
"398363",
"T004914",
"T014111",
"T031509"
]
},
"release_date": "2022-10-05T22:00:00.000+00:00",
"title": "CVE-2022-38752"
}
]
}
WID-SEC-W-2022-2286
Vulnerability from csaf_certbund - Published: 2022-12-11 23:00 - Updated: 2023-02-27 23:00Summary
IBM Business Automation Workflow: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Business Automation Workflow ist eine Lösung zur Automatisierung von Arbeitsabläufen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2286 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2286.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2286 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2286"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6958693 vom 2023-02-27",
"url": "https://www.ibm.com/support/pages/node/6958693"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-12-11",
"url": "https://www.ibm.com/support/pages/node/6845796"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856761 vom 2023-01-20",
"url": "https://www.ibm.com/support/pages/node/6856761"
}
],
"source_lang": "en-US",
"title": "IBM Business Automation Workflow: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2023-02-27T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:39:40.132+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2286",
"initial_release_date": "2022-12-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-22T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-27T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow 21.0.3",
"product": {
"name": "IBM Business Automation Workflow 21.0.3",
"product_id": "1150328",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 22.0.1",
"product": {
"name": "IBM Business Automation Workflow 22.0.1",
"product_id": "1268578",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.1"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 18.0.0.2",
"product": {
"name": "IBM Business Automation Workflow 18.0.0.2",
"product_id": "428468",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.2"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 19.0.0.3",
"product": {
"name": "IBM Business Automation Workflow 19.0.0.3",
"product_id": "672244",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.3"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 20.0.0.2",
"product": {
"name": "IBM Business Automation Workflow 20.0.0.2",
"product_id": "867560",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:20.0.0.2"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 22.0.2",
"product": {
"name": "IBM Business Automation Workflow 22.0.2",
"product_id": "T025770",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.2"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-38752",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-38751",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38750",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38749",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-25857",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-25857"
}
]
}
WID-SEC-W-2022-2287
Vulnerability from csaf_certbund - Published: 2022-12-11 23:00 - Updated: 2023-06-29 22:00Summary
IBM MQ: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Niedrig
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM MQ ist eine Message Oriented Middleware von IBM.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM MQ ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
In IBM MQ existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund von mehreren Stack-Überläufen beim Parsen von YAML-Dateien in der Komponente SnakeYAML. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, indem er ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand auszulösen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM MQ CD 9.3
IBM / MQ
|
cpe:/a:ibm:mq:cd_9.3
|
— | |
|
IBM MQ LTS 9.3
IBM / MQ
|
cpe:/a:ibm:mq:lts_9.3
|
— | |
|
IBM MQ LTS 9.2
IBM / MQ
|
cpe:/a:ibm:mq:lts_9.2
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM MQ CD 9.2
IBM / MQ
|
cpe:/a:ibm:mq:cd_9.2
|
— |
In IBM MQ existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund von mehreren Stack-Überläufen beim Parsen von YAML-Dateien in der Komponente SnakeYAML. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, indem er ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand auszulösen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM MQ CD 9.3
IBM / MQ
|
cpe:/a:ibm:mq:cd_9.3
|
— | |
|
IBM MQ LTS 9.3
IBM / MQ
|
cpe:/a:ibm:mq:lts_9.3
|
— | |
|
IBM MQ LTS 9.2
IBM / MQ
|
cpe:/a:ibm:mq:lts_9.2
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM MQ CD 9.2
IBM / MQ
|
cpe:/a:ibm:mq:cd_9.2
|
— |
In IBM MQ existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund von mehreren Stack-Überläufen beim Parsen von YAML-Dateien in der Komponente SnakeYAML. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, indem er ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand auszulösen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM MQ CD 9.3
IBM / MQ
|
cpe:/a:ibm:mq:cd_9.3
|
— | |
|
IBM MQ LTS 9.3
IBM / MQ
|
cpe:/a:ibm:mq:lts_9.3
|
— | |
|
IBM MQ LTS 9.2
IBM / MQ
|
cpe:/a:ibm:mq:lts_9.2
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM MQ CD 9.2
IBM / MQ
|
cpe:/a:ibm:mq:cd_9.2
|
— |
In IBM MQ existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund von mehreren Stack-Überläufen beim Parsen von YAML-Dateien in der Komponente SnakeYAML. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, indem er ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand auszulösen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM MQ CD 9.3
IBM / MQ
|
cpe:/a:ibm:mq:cd_9.3
|
— | |
|
IBM MQ LTS 9.3
IBM / MQ
|
cpe:/a:ibm:mq:lts_9.3
|
— | |
|
IBM MQ LTS 9.2
IBM / MQ
|
cpe:/a:ibm:mq:lts_9.2
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM MQ CD 9.2
IBM / MQ
|
cpe:/a:ibm:mq:cd_9.2
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM MQ ist eine Message Oriented Middleware von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM MQ ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2287 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2287.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2287 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2287"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7008449"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6985689 vom 2023-04-24",
"url": "https://www.ibm.com/support/pages/node/6985689"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-12-11",
"url": "https://www.ibm.com/support/pages/node/6845824"
}
],
"source_lang": "en-US",
"title": "IBM MQ: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2023-06-29T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:39:40.578+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2287",
"initial_release_date": "2022-12-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-04-24T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM MQ LTS 9.2",
"product": {
"name": "IBM MQ LTS 9.2",
"product_id": "T025537",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:lts_9.2"
}
}
},
{
"category": "product_name",
"name": "IBM MQ LTS 9.3",
"product": {
"name": "IBM MQ LTS 9.3",
"product_id": "T025538",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:lts_9.3"
}
}
},
{
"category": "product_name",
"name": "IBM MQ CD 9.3",
"product": {
"name": "IBM MQ CD 9.3",
"product_id": "T025539",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:cd_9.3"
}
}
},
{
"category": "product_name",
"name": "IBM MQ CD 9.2",
"product": {
"name": "IBM MQ CD 9.2",
"product_id": "T025540",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:cd_9.2"
}
}
}
],
"category": "product_name",
"name": "MQ"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-38749",
"notes": [
{
"category": "description",
"text": "In IBM MQ existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund von mehreren Stack-\u00dcberl\u00e4ufen beim Parsen von YAML-Dateien in der Komponente SnakeYAML. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, indem er ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand auszul\u00f6sen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T025539",
"T025538",
"T025537",
"5104",
"T025540"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"notes": [
{
"category": "description",
"text": "In IBM MQ existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund von mehreren Stack-\u00dcberl\u00e4ufen beim Parsen von YAML-Dateien in der Komponente SnakeYAML. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, indem er ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand auszul\u00f6sen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T025539",
"T025538",
"T025537",
"5104",
"T025540"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"notes": [
{
"category": "description",
"text": "In IBM MQ existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund von mehreren Stack-\u00dcberl\u00e4ufen beim Parsen von YAML-Dateien in der Komponente SnakeYAML. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, indem er ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand auszul\u00f6sen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T025539",
"T025538",
"T025537",
"5104",
"T025540"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"notes": [
{
"category": "description",
"text": "In IBM MQ existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund von mehreren Stack-\u00dcberl\u00e4ufen beim Parsen von YAML-Dateien in der Komponente SnakeYAML. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, indem er ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand auszul\u00f6sen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T025539",
"T025538",
"T025537",
"5104",
"T025540"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38752"
}
]
}
WID-SEC-W-2023-1142
Vulnerability from csaf_certbund - Published: 2023-05-03 22:00 - Updated: 2025-06-09 22:00Summary
Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
References
30 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1142 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1142.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1142 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1142"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-05-03",
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3179 vom 2023-05-17",
"url": "https://access.redhat.com/errata/RHSA-2023:3179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3193 vom 2023-05-17",
"url": "https://access.redhat.com/errata/RHSA-2023:3193"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3622"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3667 vom 2023-06-19",
"url": "https://access.redhat.com/errata/RHSA-2023:3667"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3626 vom 2023-06-23",
"url": "https://access.redhat.com/errata/RHSA-2023:3626"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3625 vom 2023-06-23",
"url": "https://access.redhat.com/errata/RHSA-2023:3625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3906 vom 2023-06-28",
"url": "https://access.redhat.com/errata/RHSA-2023:3906"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29",
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2165 vom 2023-07-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2165.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4506 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4506"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4507 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4507"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4505 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4505"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4509 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4509"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4612 vom 2023-08-16",
"url": "https://access.redhat.com/errata/RHSA-2023:4612"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4919 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4919"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4921 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4921"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4924 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4924"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4918 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4918"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4920 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4920"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7670 vom 2023-12-06",
"url": "https://access.redhat.com/errata/RHSA-2023:7670"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-300 vom 2023-12-22",
"url": "https://www.dell.com/support/kbdoc/000220649/dsa-2023-="
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
"url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1910 vom 2024-01-23",
"url": "https://alas.aws.amazon.com/ALAS-2024-1910.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3541 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3541"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3543 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8761 vom 2025-06-10",
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
}
],
"source_lang": "en-US",
"title": "Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-09T22:00:00.000+00:00",
"generator": {
"date": "2025-06-10T11:09:16.733+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-1142",
"initial_release_date": "2023-05-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-28T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-08-07T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-16T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-31T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-06T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-21T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2023-12-26T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-02-28T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Integration Camel for Spring Boot \u003c3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Integration Camel for Spring Boot \u003c3.20.1",
"product_id": "T027614"
}
},
{
"category": "product_version",
"name": "Integration Camel for Spring Boot 3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Integration Camel for Spring Boot 3.20.1",
"product_id": "T027614-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:integration_camel_for_spring_boot__3.20.1"
}
}
},
{
"category": "product_version",
"name": "Apache Camel 1",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 1",
"product_id": "T044468",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Camel Extensions for Quarkus 1",
"product": {
"name": "Red Hat Integration Camel Extensions for Quarkus 1",
"product_id": "T026453",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Integration",
"product": {
"name": "Red Hat Integration",
"product_id": "T033960",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:-"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.10.62",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.10.62",
"product_id": "T028308"
}
},
{
"category": "product_version",
"name": "Container Platform 4.10.62",
"product": {
"name": "Red Hat OpenShift Container Platform 4.10.62",
"product_id": "T028308-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.10.62"
}
}
},
{
"category": "product_version",
"name": "Application Runtimes",
"product": {
"name": "Red Hat OpenShift Application Runtimes",
"product_id": "T029341",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:application_runtimes"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37533",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2022-25857",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-31777",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-31777"
},
{
"cve": "CVE-2022-33681",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-33681"
},
{
"cve": "CVE-2022-37865",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-37865"
},
{
"cve": "CVE-2022-37866",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-37866"
},
{
"cve": "CVE-2022-38398",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38398"
},
{
"cve": "CVE-2022-38648",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38648"
},
{
"cve": "CVE-2022-38749",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-39368",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-39368"
},
{
"cve": "CVE-2022-40146",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40146"
},
{
"cve": "CVE-2022-40150",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40150"
},
{
"cve": "CVE-2022-40151",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40151"
},
{
"cve": "CVE-2022-40152",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-40156",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40156"
},
{
"cve": "CVE-2022-41704",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41704"
},
{
"cve": "CVE-2022-41852",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41852"
},
{
"cve": "CVE-2022-41853",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41853"
},
{
"cve": "CVE-2022-41854",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41854"
},
{
"cve": "CVE-2022-41881",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2022-41966",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2022-42003",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42890",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-4492",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-4492"
},
{
"cve": "CVE-2023-1370",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2023-1436",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-1436"
},
{
"cve": "CVE-2023-20860",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-20860"
},
{
"cve": "CVE-2023-20861",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-20861"
},
{
"cve": "CVE-2023-20863",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-20863"
},
{
"cve": "CVE-2023-22602",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-22602"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-24998"
}
]
}
WID-SEC-W-2023-1143
Vulnerability from csaf_certbund - Published: 2023-05-03 22:00 - Updated: 2025-05-18 22:00Summary
Red Hat Satellite: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Satellite dient als zentrale Stelle für das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Satellite ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuführen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Satellite <6.13
Red Hat / Satellite
|
<6.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
References
10 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Satellite dient als zentrale Stelle f\u00fcr das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Satellite ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1143 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1143.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1143 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1143"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2097 vom 2023-05-03",
"url": "https://access.redhat.com/errata/RHSA-2023:2097"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3566 vom 2023-09-13",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3565 vom 2023-09-13",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-1BBEA3700B vom 2023-11-23",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-1bbea3700b"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-91E69EA326 vom 2023-11-23",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-91e69ea326"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3901 vom 2024-09-28",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00044.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15120-1 vom 2025-05-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4IMNBB7ILYWTPHGNZ6BMSJ6C3YZLGIWO/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15125-1 vom 2025-05-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4QQONV4QKIWHRILZMO26H7FGDPO7KJAF/"
}
],
"source_lang": "en-US",
"title": "Red Hat Satellite: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-18T22:00:00.000+00:00",
"generator": {
"date": "2025-05-19T08:28:01.161+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-1143",
"initial_release_date": "2023-05-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-09-13T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-11-22T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-11-23T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.13",
"product": {
"name": "Red Hat Satellite \u003c6.13",
"product_id": "T027613"
}
},
{
"category": "product_version",
"name": "6.13",
"product": {
"name": "Red Hat Satellite 6.13",
"product_id": "T027613-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.13"
}
}
}
],
"category": "product_name",
"name": "Satellite"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1471",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-22577",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-22577"
},
{
"cve": "CVE-2022-23514",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-23514"
},
{
"cve": "CVE-2022-23515",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-23515"
},
{
"cve": "CVE-2022-23516",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-23516"
},
{
"cve": "CVE-2022-23517",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-23517"
},
{
"cve": "CVE-2022-23518",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-23518"
},
{
"cve": "CVE-2022-23519",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-23519"
},
{
"cve": "CVE-2022-23520",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-23520"
},
{
"cve": "CVE-2022-25857",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-27777",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-27777"
},
{
"cve": "CVE-2022-31163",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-31163"
},
{
"cve": "CVE-2022-32224",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-32224"
},
{
"cve": "CVE-2022-33980",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-33980"
},
{
"cve": "CVE-2022-38749",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-41323",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41323"
},
{
"cve": "CVE-2022-41946",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41946"
},
{
"cve": "CVE-2022-42003",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42889",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42889"
},
{
"cve": "CVE-2023-23969",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-23969"
},
{
"cve": "CVE-2023-24580",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T027613",
"74185"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-24580"
}
]
}
WID-SEC-W-2023-1755
Vulnerability from csaf_certbund - Published: 2023-07-16 22:00 - Updated: 2023-07-16 22:00Summary
IBM InfoSphere Information Server: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.
Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1755 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1755.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1755 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1755"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 7007051 vom 2023-07-16",
"url": "https://www.ibm.com/support/pages/node/7007051"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6988683 vom 2023-07-16",
"url": "https://www.ibm.com/support/pages/node/6988683"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6988679 vom 2023-07-16",
"url": "https://www.ibm.com/support/pages/node/6988679"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6988677 vom 2023-07-16",
"url": "https://www.ibm.com/support/pages/node/6988677"
}
],
"source_lang": "en-US",
"title": "IBM InfoSphere Information Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-07-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:55:36.670+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1755",
"initial_release_date": "2023-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM InfoSphere Information Server 11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2861",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-2861"
},
{
"cve": "CVE-2023-20861",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-20861"
},
{
"cve": "CVE-2023-20860",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-20860"
},
{
"cve": "CVE-2023-1370",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2023-1108",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-1108"
},
{
"cve": "CVE-2022-4492",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-4492"
},
{
"cve": "CVE-2022-41854",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-41854"
},
{
"cve": "CVE-2022-38752",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-38751",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38750",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38749",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-25857",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-1471",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-1259",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-1259"
}
]
}
WID-SEC-W-2023-3132
Vulnerability from csaf_certbund - Published: 2023-12-12 23:00 - Updated: 2023-12-12 23:00Summary
IBM DB2: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:v11.5
|
— |
In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:v11.5
|
— |
In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:v11.5
|
— |
In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:v11.5
|
— |
In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:v11.5
|
— |
In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:v11.5
|
— |
In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:v11.5
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3132 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3132.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3132 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3132"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-12-12",
"url": "https://www.ibm.com/support/pages/node/7095807"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-12-12T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:02:45.259+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-3132",
"initial_release_date": "2023-12-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2 11.1",
"product": {
"name": "IBM DB2 11.1",
"product_id": "342000",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.1"
}
}
},
{
"category": "product_name",
"name": "IBM DB2 11.5",
"product": {
"name": "IBM DB2 11.5",
"product_id": "T015242",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v11.5"
}
}
}
],
"category": "product_name",
"name": "DB2"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41854",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"342000",
"T015242"
]
},
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41854"
},
{
"cve": "CVE-2022-38752",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"342000",
"T015242"
]
},
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-38751",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"342000",
"T015242"
]
},
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38750",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"342000",
"T015242"
]
},
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38749",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"342000",
"T015242"
]
},
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-25857",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"342000",
"T015242"
]
},
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-1471",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen. Diese bestehen in den Kompnenten SnakeYaml und Java. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verusachen oder Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"342000",
"T015242"
]
},
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2022-1471"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…