Vulnerability-Lookup

CVE-2023-26048 (GCVE-0-2023-26048)

Vulnerability from cvelistv5 – Published: 2023-04-18 20:30 – Updated: 2025-02-13 16:44

Title

OutOfMemoryError for large multipart without filename in Eclipse Jetty

Summary

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

8 references

URL	Tags
https://github.com/eclipse/jetty.project/security…	x_refsource_CONFIRM
https://github.com/eclipse/jetty.project/issues/9076	x_refsource_MISC
https://github.com/eclipse/jetty.project/pull/9344	x_refsource_MISC
https://github.com/eclipse/jetty.project/pull/9345	x_refsource_MISC
https://github.com/jakartaee/servlet/blob/6.0.0/s…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2023052…
https://www.debian.org/security/2023/dsa-5507
https://lists.debian.org/debian-lts-announce/2023…

Impacted products

1 product

Vendor	Product	Version
eclipse	jetty.project	Affected: < 9.4.51 Affected: >= 10.0.0, < 10.0.14 Affected: >= 11.0.0, < 11.0.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:39:06.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
          },
          {
            "name": "https://github.com/eclipse/jetty.project/issues/9076",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/issues/9076"
          },
          {
            "name": "https://github.com/eclipse/jetty.project/pull/9344",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/pull/9344"
          },
          {
            "name": "https://github.com/eclipse/jetty.project/pull/9345",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/pull/9345"
          },
          {
            "name": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5507"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26048",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T19:43:53.088439Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:59:53.627Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jetty.project",
          "vendor": "eclipse",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.4.51"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.0.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.0.14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-30T14:06:13.823Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
        },
        {
          "name": "https://github.com/eclipse/jetty.project/issues/9076",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eclipse/jetty.project/issues/9076"
        },
        {
          "name": "https://github.com/eclipse/jetty.project/pull/9344",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eclipse/jetty.project/pull/9344"
        },
        {
          "name": "https://github.com/eclipse/jetty.project/pull/9345",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eclipse/jetty.project/pull/9345"
        },
        {
          "name": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5507"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
        }
      ],
      "source": {
        "advisory": "GHSA-qw69-rqj8-6qw8",
        "discovery": "UNKNOWN"
      },
      "title": "OutOfMemoryError for large multipart without filename in Eclipse Jetty"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-26048",
    "datePublished": "2023-04-18T20:30:20.420Z",
    "dateReserved": "2023-02-17T22:44:03.150Z",
    "dateUpdated": "2025-02-13T16:44:44.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-26048",
      "date": "2026-06-14",
      "epss": "0.43407",
      "percentile": "0.97604"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.4.51\", \"matchCriteriaId\": \"5F910B13-4631-4220-A6B5-F677C5DBE1BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.0.14\", \"matchCriteriaId\": \"013DE7B6-8442-4606-955A-E4BA7B670251\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndExcluding\": \"11.0.14\", \"matchCriteriaId\": \"7E8C62A3-4CA2-4DC8-B847-14EEDF689E77\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\"}]",
      "id": "CVE-2023-26048",
      "lastModified": "2024-11-21T07:50:39.493",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2023-04-18T21:15:08.977",
      "references": "[{\"url\": \"https://github.com/eclipse/jetty.project/issues/9076\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/pull/9344\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/pull/9345\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Technical Description\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230526-0001/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5507\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/9076\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/pull/9344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/pull/9345\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230526-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5507\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-26048\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-04-18T21:15:08.977\",\"lastModified\":\"2024-11-21T07:50:39.493\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.51\",\"matchCriteriaId\":\"5F910B13-4631-4220-A6B5-F677C5DBE1BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.14\",\"matchCriteriaId\":\"013DE7B6-8442-4606-955A-E4BA7B670251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.14\",\"matchCriteriaId\":\"7E8C62A3-4CA2-4DC8-B847-14EEDF689E77\"}]}]}],\"references\":[{\"url\":\"https://github.com/eclipse/jetty.project/issues/9076\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/pull/9344\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/pull/9345\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230526-0001/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5507\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/eclipse/jetty.project/issues/9076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/pull/9344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/pull/9345\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230526-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"OutOfMemoryError for large multipart without filename in Eclipse Jetty\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-400\", \"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\"}, {\"name\": \"https://github.com/eclipse/jetty.project/issues/9076\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/eclipse/jetty.project/issues/9076\"}, {\"name\": \"https://github.com/eclipse/jetty.project/pull/9344\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/eclipse/jetty.project/pull/9344\"}, {\"name\": \"https://github.com/eclipse/jetty.project/pull/9345\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/eclipse/jetty.project/pull/9345\"}, {\"name\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230526-0001/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5507\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\"}], \"affected\": [{\"vendor\": \"eclipse\", \"product\": \"jetty.project\", \"versions\": [{\"version\": \"\u003c 9.4.51\", \"status\": \"affected\"}, {\"version\": \"\u003e= 10.0.0, \u003c 10.0.14\", \"status\": \"affected\"}, {\"version\": \"\u003e= 11.0.0, \u003c 11.0.14\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-04-18T20:30:20.420Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\"}], \"source\": {\"advisory\": \"GHSA-qw69-rqj8-6qw8\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:39:06.487Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\"}, {\"name\": \"https://github.com/eclipse/jetty.project/issues/9076\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/eclipse/jetty.project/issues/9076\"}, {\"name\": \"https://github.com/eclipse/jetty.project/pull/9344\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/eclipse/jetty.project/pull/9344\"}, {\"name\": \"https://github.com/eclipse/jetty.project/pull/9345\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/eclipse/jetty.project/pull/9345\"}, {\"name\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230526-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5507\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-26048\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-05T19:43:53.088439Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T15:59:49.137Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-26048\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2023-02-17T22:44:03.150Z\", \"datePublished\": \"2023-04-18T20:30:20.420Z\", \"dateUpdated\": \"2025-02-12T15:59:53.627Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

RHSA-2024_0799

Vulnerability from csaf_redhat - Published: 2024-02-13 16:55 - Updated: 2024-12-17 04:52

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 8

Severity

Important

Notes

Topic: New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.7 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291) * guava: insecure temporary directory creation (CVE-2023-2976) * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048) * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) * reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134) * open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927) * santuario: Private Key disclosure in debug-log output (CVE-2023-44483) * Log Injection during WebAuthn authentication or registration (CVE-2023-6484)3-44483) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-2976

A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

4.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-6291

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-6484

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-117 - Improper Output Neutralization for Logs

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-6927

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

4.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-26048

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26049

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44483

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

References

47 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:0799	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://bugzilla.redhat.com/show_bug.cgi?id=2246070	external
https://bugzilla.redhat.com/show_bug.cgi?id=2248423	external
https://bugzilla.redhat.com/show_bug.cgi?id=2249673	external
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	external
https://bugzilla.redhat.com/show_bug.cgi?id=2255027	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-2976	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://www.cve.org/CVERecord?id=CVE-2023-2976	external
https://nvd.nist.gov/vuln/detail/CVE-2023-2976	external
https://access.redhat.com/security/cve/CVE-2023-6134	self
https://bugzilla.redhat.com/show_bug.cgi?id=2249673	external
https://www.cve.org/CVERecord?id=CVE-2023-6134	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6134	external
https://access.redhat.com/security/cve/CVE-2023-6291	self
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	external
https://www.cve.org/CVERecord?id=CVE-2023-6291	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6291	external
https://access.redhat.com/security/cve/CVE-2023-6484	self
https://bugzilla.redhat.com/show_bug.cgi?id=2248423	external
https://www.cve.org/CVERecord?id=CVE-2023-6484	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6484	external
https://access.redhat.com/security/cve/CVE-2023-6927	self
https://bugzilla.redhat.com/show_bug.cgi?id=2255027	external
https://www.cve.org/CVERecord?id=CVE-2023-6927	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6927	external
https://access.redhat.com/security/cve/CVE-2023-26048	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://www.cve.org/CVERecord?id=CVE-2023-26048	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26048	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-26049	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://www.cve.org/CVERecord?id=CVE-2023-26049	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26049	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-44483	self
https://bugzilla.redhat.com/show_bug.cgi?id=2246070	external
https://www.cve.org/CVERecord?id=CVE-2023-44483	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44483	external
http://www.openwall.com/lists/oss-security/2023/10/20/5	external
https://lists.apache.org/thread/vmqbp9mfxtrf0kmbn…	external

Acknowledgments

https://security.lauritz-holtmann.de/ Lauritz Holtmann

Pontus.Hanssen@omegapoint.se Pontus Hanssen

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)3-44483)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0799",
        "url": "https://access.redhat.com/errata/RHSA-2024:0799"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2215229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
      },
      {
        "category": "external",
        "summary": "2236340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
      },
      {
        "category": "external",
        "summary": "2236341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
      },
      {
        "category": "external",
        "summary": "2246070",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
      },
      {
        "category": "external",
        "summary": "2248423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
      },
      {
        "category": "external",
        "summary": "2249673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
      },
      {
        "category": "external",
        "summary": "2251407",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
      },
      {
        "category": "external",
        "summary": "2255027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0799.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 8",
    "tracking": {
      "current_release_date": "2024-12-17T04:52:00+00:00",
      "generator": {
        "date": "2024-12-17T04:52:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:0799",
      "initial_release_date": "2024-02-13T16:55:12+00:00",
      "revision_history": [
        {
          "date": "2024-02-13T16:55:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-13T16:55:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T04:52:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7.6 for RHEL 8",
                "product": {
                  "name": "Red Hat Single Sign-On 7.6 for RHEL 8",
                  "product_id": "8Base-RHSSO-7.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
                  "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el8sso?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
                  "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el8sso?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
                  "product_id": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.12-1.redhat_00001.1.el8sso?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
          "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
        "relates_to_product_reference": "8Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
          "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
        "relates_to_product_reference": "8Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
          "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
        "relates_to_product_reference": "8Base-RHSSO-7.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215229"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "guava: insecure temporary directory creation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215229",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:12+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0799"
        },
        {
          "category": "workaround",
          "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "guava: insecure temporary directory creation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lauritz Holtmann"
          ],
          "organization": "https://security.lauritz-holtmann.de/"
        }
      ],
      "cve": "CVE-2023-6134",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2023-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2249673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6134"
        },
        {
          "category": "external",
          "summary": "RHBZ#2249673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6134"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
        }
      ],
      "release_date": "2023-11-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:12+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri"
    },
    {
      "cve": "CVE-2023-6291",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2023-11-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2251407"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: redirect_uri validation bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6291"
        },
        {
          "category": "external",
          "summary": "RHBZ#2251407",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291"
        }
      ],
      "release_date": "2023-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:12+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0799"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: redirect_uri validation bypass"
    },
    {
      "cve": "CVE-2023-6484",
      "cwe": {
        "id": "CWE-117",
        "name": "Improper Output Neutralization for Logs"
      },
      "discovery_date": "2023-11-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2248423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Log Injection during WebAuthn authentication or registration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6484"
        },
        {
          "category": "external",
          "summary": "RHBZ#2248423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:12+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "keycloak: Log Injection during WebAuthn authentication or registration"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pontus Hanssen"
          ],
          "organization": "Pontus.Hanssen@omegapoint.se"
        }
      ],
      "cve": "CVE-2023-6927",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2023-12-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2255027"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6927"
        },
        {
          "category": "external",
          "summary": "RHBZ#2255027",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927"
        }
      ],
      "release_date": "2023-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:12+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0799"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode"
    },
    {
      "cve": "CVE-2023-26048",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:12+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
    },
    {
      "cve": "CVE-2023-26049",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:12+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
    },
    {
      "cve": "CVE-2023-44483",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2023-10-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2246070"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "santuario: Private Key disclosure in debug-log output",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "RHBZ#2246070",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
          "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
          "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
        }
      ],
      "release_date": "2023-10-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:12+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "santuario: Private Key disclosure in debug-log output"
    }
  ]
}

RHSA-2024_0800

Vulnerability from csaf_redhat - Published: 2024-02-13 16:55 - Updated: 2024-12-17 04:52

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 9

Severity

Important

Notes

Topic: New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.7 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291) * guava: insecure temporary directory creation (CVE-2023-2976) * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048) * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) * reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134) * open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927) * santuario: Private Key disclosure in debug-log output (CVE-2023-44483) * Log Injection during WebAuthn authentication or registration (CVE-2023-6484) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-2976

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2023-6134

4.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-6291

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-6484

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-117 - Improper Output Neutralization for Logs

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-6927

4.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-26048

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26049

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44483

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

References

47 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:0800	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://bugzilla.redhat.com/show_bug.cgi?id=2246070	external
https://bugzilla.redhat.com/show_bug.cgi?id=2248423	external
https://bugzilla.redhat.com/show_bug.cgi?id=2249673	external
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	external
https://bugzilla.redhat.com/show_bug.cgi?id=2255027	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-2976	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://www.cve.org/CVERecord?id=CVE-2023-2976	external
https://nvd.nist.gov/vuln/detail/CVE-2023-2976	external
https://access.redhat.com/security/cve/CVE-2023-6134	self
https://bugzilla.redhat.com/show_bug.cgi?id=2249673	external
https://www.cve.org/CVERecord?id=CVE-2023-6134	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6134	external
https://access.redhat.com/security/cve/CVE-2023-6291	self
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	external
https://www.cve.org/CVERecord?id=CVE-2023-6291	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6291	external
https://access.redhat.com/security/cve/CVE-2023-6484	self
https://bugzilla.redhat.com/show_bug.cgi?id=2248423	external
https://www.cve.org/CVERecord?id=CVE-2023-6484	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6484	external
https://access.redhat.com/security/cve/CVE-2023-6927	self
https://bugzilla.redhat.com/show_bug.cgi?id=2255027	external
https://www.cve.org/CVERecord?id=CVE-2023-6927	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6927	external
https://access.redhat.com/security/cve/CVE-2023-26048	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://www.cve.org/CVERecord?id=CVE-2023-26048	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26048	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-26049	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://www.cve.org/CVERecord?id=CVE-2023-26049	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26049	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-44483	self
https://bugzilla.redhat.com/show_bug.cgi?id=2246070	external
https://www.cve.org/CVERecord?id=CVE-2023-44483	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44483	external
http://www.openwall.com/lists/oss-security/2023/10/20/5	external
https://lists.apache.org/thread/vmqbp9mfxtrf0kmbn…	external

Acknowledgments

https://security.lauritz-holtmann.de/ Lauritz Holtmann

Pontus.Hanssen@omegapoint.se Pontus Hanssen

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0800",
        "url": "https://access.redhat.com/errata/RHSA-2024:0800"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2215229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
      },
      {
        "category": "external",
        "summary": "2236340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
      },
      {
        "category": "external",
        "summary": "2236341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
      },
      {
        "category": "external",
        "summary": "2246070",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
      },
      {
        "category": "external",
        "summary": "2248423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
      },
      {
        "category": "external",
        "summary": "2249673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
      },
      {
        "category": "external",
        "summary": "2251407",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
      },
      {
        "category": "external",
        "summary": "2255027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0800.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 9",
    "tracking": {
      "current_release_date": "2024-12-17T04:52:34+00:00",
      "generator": {
        "date": "2024-12-17T04:52:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:0800",
      "initial_release_date": "2024-02-13T16:55:27+00:00",
      "revision_history": [
        {
          "date": "2024-02-13T16:55:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-13T16:55:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T04:52:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7.6 for RHEL 9",
                "product": {
                  "name": "Red Hat Single Sign-On 7.6 for RHEL 9",
                  "product_id": "9Base-RHSSO-7.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
                  "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el9sso?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
                  "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el9sso?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
                  "product_id": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.12-1.redhat_00001.1.el9sso?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
          "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
        "relates_to_product_reference": "9Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
          "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
        "relates_to_product_reference": "9Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
          "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
        "relates_to_product_reference": "9Base-RHSSO-7.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215229"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "guava: insecure temporary directory creation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215229",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0800"
        },
        {
          "category": "workaround",
          "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "guava: insecure temporary directory creation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lauritz Holtmann"
          ],
          "organization": "https://security.lauritz-holtmann.de/"
        }
      ],
      "cve": "CVE-2023-6134",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2023-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2249673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6134"
        },
        {
          "category": "external",
          "summary": "RHBZ#2249673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6134"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
        }
      ],
      "release_date": "2023-11-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0800"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri"
    },
    {
      "cve": "CVE-2023-6291",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2023-11-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2251407"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: redirect_uri validation bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6291"
        },
        {
          "category": "external",
          "summary": "RHBZ#2251407",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291"
        }
      ],
      "release_date": "2023-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0800"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: redirect_uri validation bypass"
    },
    {
      "cve": "CVE-2023-6484",
      "cwe": {
        "id": "CWE-117",
        "name": "Improper Output Neutralization for Logs"
      },
      "discovery_date": "2023-11-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2248423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Log Injection during WebAuthn authentication or registration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6484"
        },
        {
          "category": "external",
          "summary": "RHBZ#2248423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0800"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "keycloak: Log Injection during WebAuthn authentication or registration"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pontus Hanssen"
          ],
          "organization": "Pontus.Hanssen@omegapoint.se"
        }
      ],
      "cve": "CVE-2023-6927",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2023-12-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2255027"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6927"
        },
        {
          "category": "external",
          "summary": "RHBZ#2255027",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927"
        }
      ],
      "release_date": "2023-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0800"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode"
    },
    {
      "cve": "CVE-2023-26048",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0800"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
    },
    {
      "cve": "CVE-2023-26049",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0800"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
    },
    {
      "cve": "CVE-2023-44483",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2023-10-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2246070"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "santuario: Private Key disclosure in debug-log output",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "RHBZ#2246070",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
          "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
          "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
        }
      ],
      "release_date": "2023-10-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:55:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0800"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "santuario: Private Key disclosure in debug-log output"
    }
  ]
}

RHSA-2024_0801

Vulnerability from csaf_redhat - Published: 2024-02-13 16:54 - Updated: 2024-12-17 04:52

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 for OpenShift image enhancement update

Severity

Important

Notes

Topic: A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Security Fix(es): * redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291) * guava: insecure temporary directory creation (CVE-2023-2976) * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048) * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) * reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134) * open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927) * santuario: Private Key disclosure in debug-log output (CVE-2023-44483) * Log Injection during WebAuthn authentication or registration (CVE-2023-6484) This erratum releases a new image for Red Hat Single Sign-On 7.6.7 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

CVE-2023-2976

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-6134

4.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-6291

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-6484

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-117 - Improper Output Neutralization for Logs

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-6927

4.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-26048

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26049

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44483

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le	—	Vendor Fix fix

Threats

Impact Moderate

References

47 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:0801	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://bugzilla.redhat.com/show_bug.cgi?id=2246070	external
https://bugzilla.redhat.com/show_bug.cgi?id=2248423	external
https://bugzilla.redhat.com/show_bug.cgi?id=2249673	external
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	external
https://bugzilla.redhat.com/show_bug.cgi?id=2255027	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-2976	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://www.cve.org/CVERecord?id=CVE-2023-2976	external
https://nvd.nist.gov/vuln/detail/CVE-2023-2976	external
https://access.redhat.com/security/cve/CVE-2023-6134	self
https://bugzilla.redhat.com/show_bug.cgi?id=2249673	external
https://www.cve.org/CVERecord?id=CVE-2023-6134	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6134	external
https://access.redhat.com/security/cve/CVE-2023-6291	self
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	external
https://www.cve.org/CVERecord?id=CVE-2023-6291	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6291	external
https://access.redhat.com/security/cve/CVE-2023-6484	self
https://bugzilla.redhat.com/show_bug.cgi?id=2248423	external
https://www.cve.org/CVERecord?id=CVE-2023-6484	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6484	external
https://access.redhat.com/security/cve/CVE-2023-6927	self
https://bugzilla.redhat.com/show_bug.cgi?id=2255027	external
https://www.cve.org/CVERecord?id=CVE-2023-6927	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6927	external
https://access.redhat.com/security/cve/CVE-2023-26048	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://www.cve.org/CVERecord?id=CVE-2023-26048	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26048	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-26049	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://www.cve.org/CVERecord?id=CVE-2023-26049	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26049	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-44483	self
https://bugzilla.redhat.com/show_bug.cgi?id=2246070	external
https://www.cve.org/CVERecord?id=CVE-2023-44483	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44483	external
http://www.openwall.com/lists/oss-security/2023/10/20/5	external
https://lists.apache.org/thread/vmqbp9mfxtrf0kmbn…	external

Acknowledgments

https://security.lauritz-holtmann.de/ Lauritz Holtmann

Pontus.Hanssen@omegapoint.se Pontus Hanssen

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.7 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform\n3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0801",
        "url": "https://access.redhat.com/errata/RHSA-2024:0801"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2215229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
      },
      {
        "category": "external",
        "summary": "2236340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
      },
      {
        "category": "external",
        "summary": "2236341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
      },
      {
        "category": "external",
        "summary": "2246070",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
      },
      {
        "category": "external",
        "summary": "2248423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
      },
      {
        "category": "external",
        "summary": "2249673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
      },
      {
        "category": "external",
        "summary": "2251407",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
      },
      {
        "category": "external",
        "summary": "2255027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0801.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 for OpenShift image enhancement update",
    "tracking": {
      "current_release_date": "2024-12-17T04:52:12+00:00",
      "generator": {
        "date": "2024-12-17T04:52:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:0801",
      "initial_release_date": "2024-02-13T16:54:08+00:00",
      "revision_history": [
        {
          "date": "2024-02-13T16:54:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-13T16:54:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T04:52:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Middleware Containers for OpenShift",
                "product": {
                  "name": "Middleware Containers for OpenShift",
                  "product_id": "8Base-RHOSE-Middleware",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhosemc:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995?arch=s390x\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-41"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab?arch=amd64\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-41"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d?arch=ppc64le\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-41"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215229"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "guava: insecure temporary directory creation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215229",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:54:08+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0801"
        },
        {
          "category": "workaround",
          "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "guava: insecure temporary directory creation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lauritz Holtmann"
          ],
          "organization": "https://security.lauritz-holtmann.de/"
        }
      ],
      "cve": "CVE-2023-6134",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2023-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2249673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6134"
        },
        {
          "category": "external",
          "summary": "RHBZ#2249673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6134"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
        }
      ],
      "release_date": "2023-11-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:54:08+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0801"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri"
    },
    {
      "cve": "CVE-2023-6291",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2023-11-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2251407"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: redirect_uri validation bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6291"
        },
        {
          "category": "external",
          "summary": "RHBZ#2251407",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291"
        }
      ],
      "release_date": "2023-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:54:08+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0801"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: redirect_uri validation bypass"
    },
    {
      "cve": "CVE-2023-6484",
      "cwe": {
        "id": "CWE-117",
        "name": "Improper Output Neutralization for Logs"
      },
      "discovery_date": "2023-11-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2248423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Log Injection during WebAuthn authentication or registration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6484"
        },
        {
          "category": "external",
          "summary": "RHBZ#2248423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:54:08+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0801"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "keycloak: Log Injection during WebAuthn authentication or registration"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pontus Hanssen"
          ],
          "organization": "Pontus.Hanssen@omegapoint.se"
        }
      ],
      "cve": "CVE-2023-6927",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2023-12-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2255027"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6927"
        },
        {
          "category": "external",
          "summary": "RHBZ#2255027",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927"
        }
      ],
      "release_date": "2023-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:54:08+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0801"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode"
    },
    {
      "cve": "CVE-2023-26048",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:54:08+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0801"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
    },
    {
      "cve": "CVE-2023-26049",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:54:08+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0801"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
    },
    {
      "cve": "CVE-2023-44483",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2023-10-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2246070"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "santuario: Private Key disclosure in debug-log output",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "RHBZ#2246070",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
          "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
          "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
        }
      ],
      "release_date": "2023-10-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T16:54:08+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0801"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "santuario: Private Key disclosure in debug-log output"
    }
  ]
}

RHSA-2024_0804

Vulnerability from csaf_redhat - Published: 2024-02-13 17:07 - Updated: 2024-12-17 04:52

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291) * guava: insecure temporary directory creation (CVE-2023-2976) * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048) * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) * reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134) * open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927) * santuario: Private Key disclosure in debug-log output (CVE-2023-44483) * Log Injection during WebAuthn authentication or registration (CVE-2023-6484) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-2976

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2023-6134

4.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-6291

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-6484

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-117 - Improper Output Neutralization for Logs

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-6927

4.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-26048

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26049

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44483

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

References

47 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:0804	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://bugzilla.redhat.com/show_bug.cgi?id=2246070	external
https://bugzilla.redhat.com/show_bug.cgi?id=2248423	external
https://bugzilla.redhat.com/show_bug.cgi?id=2249673	external
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	external
https://bugzilla.redhat.com/show_bug.cgi?id=2255027	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-2976	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://www.cve.org/CVERecord?id=CVE-2023-2976	external
https://nvd.nist.gov/vuln/detail/CVE-2023-2976	external
https://access.redhat.com/security/cve/CVE-2023-6134	self
https://bugzilla.redhat.com/show_bug.cgi?id=2249673	external
https://www.cve.org/CVERecord?id=CVE-2023-6134	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6134	external
https://access.redhat.com/security/cve/CVE-2023-6291	self
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	external
https://www.cve.org/CVERecord?id=CVE-2023-6291	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6291	external
https://access.redhat.com/security/cve/CVE-2023-6484	self
https://bugzilla.redhat.com/show_bug.cgi?id=2248423	external
https://www.cve.org/CVERecord?id=CVE-2023-6484	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6484	external
https://access.redhat.com/security/cve/CVE-2023-6927	self
https://bugzilla.redhat.com/show_bug.cgi?id=2255027	external
https://www.cve.org/CVERecord?id=CVE-2023-6927	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6927	external
https://access.redhat.com/security/cve/CVE-2023-26048	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://www.cve.org/CVERecord?id=CVE-2023-26048	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26048	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-26049	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://www.cve.org/CVERecord?id=CVE-2023-26049	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26049	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-44483	self
https://bugzilla.redhat.com/show_bug.cgi?id=2246070	external
https://www.cve.org/CVERecord?id=CVE-2023-44483	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44483	external
http://www.openwall.com/lists/oss-security/2023/10/20/5	external
https://lists.apache.org/thread/vmqbp9mfxtrf0kmbn…	external

Acknowledgments

https://security.lauritz-holtmann.de/ Lauritz Holtmann

Pontus.Hanssen@omegapoint.se Pontus Hanssen

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0804",
        "url": "https://access.redhat.com/errata/RHSA-2024:0804"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2215229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
      },
      {
        "category": "external",
        "summary": "2236340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
      },
      {
        "category": "external",
        "summary": "2236341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
      },
      {
        "category": "external",
        "summary": "2246070",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
      },
      {
        "category": "external",
        "summary": "2248423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
      },
      {
        "category": "external",
        "summary": "2249673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
      },
      {
        "category": "external",
        "summary": "2251407",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
      },
      {
        "category": "external",
        "summary": "2255027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0804.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update",
    "tracking": {
      "current_release_date": "2024-12-17T04:52:23+00:00",
      "generator": {
        "date": "2024-12-17T04:52:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:0804",
      "initial_release_date": "2024-02-13T17:07:54+00:00",
      "revision_history": [
        {
          "date": "2024-02-13T17:07:54+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-13T17:07:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T04:52:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7",
                "product": {
                  "name": "Red Hat Single Sign-On 7",
                  "product_id": "Red Hat Single Sign-On 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215229"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "guava: insecure temporary directory creation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215229",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T17:07:54+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0804"
        },
        {
          "category": "workaround",
          "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "guava: insecure temporary directory creation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lauritz Holtmann"
          ],
          "organization": "https://security.lauritz-holtmann.de/"
        }
      ],
      "cve": "CVE-2023-6134",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2023-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2249673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6134"
        },
        {
          "category": "external",
          "summary": "RHBZ#2249673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6134"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
        }
      ],
      "release_date": "2023-11-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T17:07:54+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0804"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri"
    },
    {
      "cve": "CVE-2023-6291",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2023-11-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2251407"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: redirect_uri validation bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6291"
        },
        {
          "category": "external",
          "summary": "RHBZ#2251407",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291"
        }
      ],
      "release_date": "2023-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T17:07:54+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0804"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: redirect_uri validation bypass"
    },
    {
      "cve": "CVE-2023-6484",
      "cwe": {
        "id": "CWE-117",
        "name": "Improper Output Neutralization for Logs"
      },
      "discovery_date": "2023-11-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2248423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Log Injection during WebAuthn authentication or registration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6484"
        },
        {
          "category": "external",
          "summary": "RHBZ#2248423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T17:07:54+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0804"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "keycloak: Log Injection during WebAuthn authentication or registration"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pontus Hanssen"
          ],
          "organization": "Pontus.Hanssen@omegapoint.se"
        }
      ],
      "cve": "CVE-2023-6927",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2023-12-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2255027"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6927"
        },
        {
          "category": "external",
          "summary": "RHBZ#2255027",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927"
        }
      ],
      "release_date": "2023-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T17:07:54+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0804"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode"
    },
    {
      "cve": "CVE-2023-26048",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T17:07:54+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0804"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
    },
    {
      "cve": "CVE-2023-26049",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T17:07:54+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0804"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
    },
    {
      "cve": "CVE-2023-44483",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2023-10-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2246070"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "santuario: Private Key disclosure in debug-log output",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "RHBZ#2246070",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
          "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
          "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
        }
      ],
      "release_date": "2023-10-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T17:07:54+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0804"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "santuario: Private Key disclosure in debug-log output"
    }
  ]
}

RHSA-2024_3385

Vulnerability from csaf_redhat - Published: 2024-05-28 11:19 - Updated: 2024-12-12 09:53

Summary

Red Hat Security Advisory: Red Hat JBoss EAP 7.4.14 XP 4.0.2.GA security release

Severity

Moderate

Notes

Topic: JBoss EAP XP 4.0.2.GA security release on the EAP 7.4.14 base is now available. See references for release notes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.2 runtime distribution for use with EAP 7.4.14. Security Fix(es): * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048) * okio: GzipSource class improper exception handling (CVE-2023-3635) A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-3635

A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-248 - Uncaught Exception

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform Expansion Pack Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jbosseapxp`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26048

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform Expansion Pack Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jbosseapxp`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26049

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform Expansion Pack Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jbosseapxp`	—	Vendor Fix fix

Threats

Impact Low

References

26 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:3385	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://access.redhat.com/documentation/en-us/red…	external
https://access.redhat.com/documentation/en-us/red…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2229295	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://issues.redhat.com/browse/JBEAP-24592	external
https://issues.redhat.com/browse/JBEAP-25932	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-3635	self
https://bugzilla.redhat.com/show_bug.cgi?id=2229295	external
https://www.cve.org/CVERecord?id=CVE-2023-3635	external
https://nvd.nist.gov/vuln/detail/CVE-2023-3635	external
https://access.redhat.com/security/cve/CVE-2023-26048	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://www.cve.org/CVERecord?id=CVE-2023-26048	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26048	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-26049	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://www.cve.org/CVERecord?id=CVE-2023-26049	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26049	external
https://github.com/eclipse/jetty.project/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "JBoss EAP XP 4.0.2.GA security release on the EAP 7.4.14 base is now available. See references for release notes.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.2 runtime distribution for use with EAP 7.4.14.\n\nSecurity Fix(es):\n\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n\n* okio: GzipSource class improper exception handling (CVE-2023-3635)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:3385",
        "url": "https://access.redhat.com/errata/RHSA-2024:3385"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index"
      },
      {
        "category": "external",
        "summary": "2229295",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
      },
      {
        "category": "external",
        "summary": "2236340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
      },
      {
        "category": "external",
        "summary": "2236341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
      },
      {
        "category": "external",
        "summary": "JBEAP-24592",
        "url": "https://issues.redhat.com/browse/JBEAP-24592"
      },
      {
        "category": "external",
        "summary": "JBEAP-25932",
        "url": "https://issues.redhat.com/browse/JBEAP-25932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3385.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss EAP 7.4.14 XP 4.0.2.GA security release",
    "tracking": {
      "current_release_date": "2024-12-12T09:53:56+00:00",
      "generator": {
        "date": "2024-12-12T09:53:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:3385",
      "initial_release_date": "2024-05-28T11:19:50+00:00",
      "revision_history": [
        {
          "date": "2024-05-28T11:19:50+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-28T11:19:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-12T09:53:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                  "product_id": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jbosseapxp"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-3635",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "discovery_date": "2023-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2229295"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "okio: GzipSource class improper exception handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat JBoss Enterprise Application Platform XP does contain Okio package but is not using GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it\u0027s used by Dekorate during compilation process and not included in the resulting Jar.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform Expansion Pack"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-3635"
        },
        {
          "category": "external",
          "summary": "RHBZ#2229295",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635"
        }
      ],
      "release_date": "2023-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-28T11:19:50+00:00",
          "details": "For details on how to apply this update, refer to the Using JBoss EAP XP 4 document: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform Expansion Pack"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3385"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform Expansion Pack"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "okio: GzipSource class improper exception handling"
    },
    {
      "cve": "CVE-2023-26048",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform Expansion Pack"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-28T11:19:50+00:00",
          "details": "For details on how to apply this update, refer to the Using JBoss EAP XP 4 document: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform Expansion Pack"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3385"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform Expansion Pack"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
    },
    {
      "cve": "CVE-2023-26049",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform Expansion Pack"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-28T11:19:50+00:00",
          "details": "For details on how to apply this update, refer to the Using JBoss EAP XP 4 document: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform Expansion Pack"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3385"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform Expansion Pack"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
    }
  ]
}

SUSE-SU-2023:2539-1

Vulnerability from csaf_suse - Published: 2023-06-19 07:57 - Updated: 2023-06-19 07:57

Summary

Security update for jetty-minimal

Severity

Moderate

Notes

Title of the patch: Security update for jetty-minimal

Description of the patch: This update for jetty-minimal fixes the following issues: Updated to version 9.4.51.v20230217: - CVE-2023-26048: Fixed an excessive memory consumption when processing a large multipart request (bsc#1210620) - CVE-2023-26049: Fixed a cookie exfiltration issue due to improper parsing (bsc#1210621).

Patchnames: SUSE-2023-2539,SUSE-SLE-Module-Development-Tools-15-SP4-2023-2539,SUSE-SLE-Module-Development-Tools-15-SP5-2023-2539,SUSE-SLE-Product-RT-15-SP3-2023-2539,openSUSE-SLE-15.4-2023-2539,openSUSE-SLE-15.5-2023-2539

CVE-2023-26048

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 79 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-annotations-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-ant-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-cdi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-client-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-continuation-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-deploy-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-fcgi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-http-spi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-jaas-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-jmx-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-jndi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-jsp-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-openid-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-plus-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-proxy-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-quickstart-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-rewrite-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-servlets-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-start-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-webapp-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-xml-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-annotations-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-ant-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-cdi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-client-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-continuation-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-deploy-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-fcgi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-http-spi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-jaas-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-jmx-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-jndi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-jsp-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-openid-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-plus-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-proxy-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-quickstart-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-rewrite-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-servlets-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-start-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-webapp-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-xml-9.4.51-150200.3.19.2.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2023-26049

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 79 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Real Time 15 SP3:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-annotations-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-ant-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-cdi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-client-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-continuation-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-deploy-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-fcgi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-http-spi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-jaas-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-jmx-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-jndi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-jsp-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-openid-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-plus-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-proxy-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-quickstart-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-rewrite-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-servlets-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-start-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-webapp-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:jetty-xml-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-annotations-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-ant-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-cdi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-client-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-continuation-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-deploy-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-fcgi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-http-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-http-spi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-io-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-jaas-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-jmx-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-jndi-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-jsp-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-openid-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-plus-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-proxy-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-quickstart-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-rewrite-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-security-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-server-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-servlet-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-servlets-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-start-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-util-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-webapp-9.4.51-150200.3.19.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:jetty-xml-9.4.51-150200.3.19.2.noarch	—	Vendor Fix

Threats

Impact low

References

12 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2023…	self
https://bugzilla.suse.com/1210620	self
https://bugzilla.suse.com/1210621	self
https://www.suse.com/security/cve/CVE-2023-26048/	self
https://www.suse.com/security/cve/CVE-2023-26049/	self
https://www.suse.com/security/cve/CVE-2023-26048	external
https://bugzilla.suse.com/1210620	external
https://www.suse.com/security/cve/CVE-2023-26049	external
https://bugzilla.suse.com/1210621	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for jetty-minimal",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for jetty-minimal fixes the following issues:\n\nUpdated to version 9.4.51.v20230217:\n- CVE-2023-26048: Fixed an excessive memory consumption when\n  processing a large multipart request (bsc#1210620)\n- CVE-2023-26049: Fixed a cookie exfiltration issue due to improper\n  parsing (bsc#1210621).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-2539,SUSE-SLE-Module-Development-Tools-15-SP4-2023-2539,SUSE-SLE-Module-Development-Tools-15-SP5-2023-2539,SUSE-SLE-Product-RT-15-SP3-2023-2539,openSUSE-SLE-15.4-2023-2539,openSUSE-SLE-15.5-2023-2539",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2539-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:2539-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232539-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:2539-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2023-June/029919.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210620",
        "url": "https://bugzilla.suse.com/1210620"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210621",
        "url": "https://bugzilla.suse.com/1210621"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-26048 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-26048/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-26049 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-26049/"
      }
    ],
    "title": "Security update for jetty-minimal",
    "tracking": {
      "current_release_date": "2023-06-19T07:57:32Z",
      "generator": {
        "date": "2023-06-19T07:57:32Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:2539-1",
      "initial_release_date": "2023-06-19T07:57:32Z",
      "revision_history": [
        {
          "date": "2023-06-19T07:57:32Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jetty-annotations-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-annotations-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-annotations-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-ant-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-ant-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-ant-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-cdi-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-cdi-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-cdi-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-client-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-client-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-client-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-continuation-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-continuation-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-continuation-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-deploy-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-deploy-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-deploy-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-fcgi-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-fcgi-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-fcgi-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-http-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-http-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-spi-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-http-spi-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-http-spi-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-io-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-io-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-io-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jaas-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-jaas-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-jaas-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jmx-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-jmx-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-jmx-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jndi-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-jndi-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-jndi-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jsp-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-jsp-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-jsp-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-openid-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-openid-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-openid-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-plus-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-plus-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-plus-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-proxy-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-proxy-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-proxy-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-quickstart-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-quickstart-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-quickstart-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-rewrite-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-rewrite-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-rewrite-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-security-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-security-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-security-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-server-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-server-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-server-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlet-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-servlet-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-servlet-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlets-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-servlets-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-servlets-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-start-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-start-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-start-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-util-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-util-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-webapp-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-webapp-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-webapp-9.4.51-150200.3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-xml-9.4.51-150200.3.19.2.noarch",
                "product": {
                  "name": "jetty-xml-9.4.51-150200.3.19.2.noarch",
                  "product_id": "jetty-xml-9.4.51-150200.3.19.2.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Real Time 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Real Time 15 SP3",
                  "product_id": "SUSE Linux Enterprise Real Time 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_rt:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.4",
                "product": {
                  "name": "openSUSE Leap 15.4",
                  "product_id": "openSUSE Leap 15.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-http-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-http-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-io-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-io-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-security-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-security-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-server-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-server-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-servlet-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-servlet-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-http-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-io-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-security-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-server-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-servlet-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP3:jetty-http-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-http-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP3:jetty-io-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-io-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP3:jetty-security-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-security-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP3:jetty-server-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-server-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP3:jetty-servlet-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-servlet-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch as component of SUSE Linux Enterprise Real Time 15 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-ajax-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-annotations-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-annotations-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-annotations-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-ant-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-ant-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-ant-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-cdi-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-cdi-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-cdi-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-client-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-client-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-client-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-continuation-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-continuation-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-continuation-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-deploy-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-deploy-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-deploy-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-fcgi-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-fcgi-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-fcgi-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-http-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-http-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-spi-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-http-spi-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-http-spi-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-io-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-io-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jaas-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-jaas-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-jaas-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jmx-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-jmx-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-jmx-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jndi-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-jndi-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-jndi-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jsp-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-jsp-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-jsp-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-openid-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-openid-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-openid-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-plus-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-plus-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-plus-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-proxy-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-proxy-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-proxy-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-quickstart-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-quickstart-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-quickstart-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-rewrite-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-rewrite-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-rewrite-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-security-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-security-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-server-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-server-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-servlet-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-servlet-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlets-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-servlets-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-servlets-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-start-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-start-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-start-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-util-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-webapp-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-webapp-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-webapp-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-xml-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jetty-xml-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-xml-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-annotations-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-annotations-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-annotations-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-ant-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-ant-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-ant-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-cdi-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-cdi-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-cdi-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-client-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-client-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-client-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-continuation-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-continuation-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-continuation-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-deploy-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-deploy-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-deploy-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-fcgi-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-fcgi-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-fcgi-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-http-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-http-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-spi-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-http-spi-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-http-spi-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-io-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-io-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jaas-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-jaas-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-jaas-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jmx-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-jmx-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-jmx-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jndi-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-jndi-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-jndi-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jsp-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-jsp-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-jsp-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-openid-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-openid-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-openid-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-plus-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-plus-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-plus-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-proxy-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-proxy-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-proxy-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-quickstart-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-quickstart-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-quickstart-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-rewrite-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-rewrite-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-rewrite-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-security-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-security-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-server-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-server-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-servlet-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-servlet-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlets-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-servlets-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-servlets-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-start-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-start-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-start-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-util-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-webapp-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-webapp-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-webapp-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-xml-9.4.51-150200.3.19.2.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:jetty-xml-9.4.51-150200.3.19.2.noarch"
        },
        "product_reference": "jetty-xml-9.4.51-150200.3.19.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26048",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-26048"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-http-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-io-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-security-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-server-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-http-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-io-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-security-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-server-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-annotations-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-ant-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-cdi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-client-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-continuation-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-deploy-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-http-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-io-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-jaas-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-jmx-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-jndi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-jsp-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-openid-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-plus-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-proxy-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-security-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-server-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-servlets-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-start-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-util-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-webapp-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-xml-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-annotations-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-ant-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-cdi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-client-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-continuation-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-deploy-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-http-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-io-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-jaas-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-jmx-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-jndi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-jsp-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-openid-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-plus-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-proxy-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-security-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-server-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-servlets-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-start-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-util-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-webapp-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-xml-9.4.51-150200.3.19.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-26048",
          "url": "https://www.suse.com/security/cve/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210620 for CVE-2023-26048",
          "url": "https://bugzilla.suse.com/1210620"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-annotations-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-ant-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-cdi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-client-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-continuation-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-deploy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-http-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-io-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jaas-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jmx-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jndi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jsp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-openid-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-plus-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-proxy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-security-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-server-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-servlets-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-start-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-util-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-webapp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-xml-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-annotations-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-ant-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-cdi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-client-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-continuation-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-deploy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-http-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-io-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jaas-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jmx-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jndi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jsp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-openid-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-plus-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-proxy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-security-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-server-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-servlets-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-start-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-util-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-webapp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-xml-9.4.51-150200.3.19.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-annotations-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-ant-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-cdi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-client-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-continuation-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-deploy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-http-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-io-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jaas-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jmx-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jndi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jsp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-openid-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-plus-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-proxy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-security-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-server-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-servlets-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-start-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-util-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-webapp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-xml-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-annotations-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-ant-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-cdi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-client-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-continuation-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-deploy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-http-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-io-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jaas-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jmx-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jndi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jsp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-openid-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-plus-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-proxy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-security-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-server-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-servlets-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-start-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-util-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-webapp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-xml-9.4.51-150200.3.19.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-19T07:57:32Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-26048"
    },
    {
      "cve": "CVE-2023-26049",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-26049"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-http-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-io-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-security-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-server-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-http-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-io-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-security-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-server-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-9.4.51-150200.3.19.2.noarch",
          "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-annotations-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-ant-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-cdi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-client-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-continuation-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-deploy-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-http-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-io-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-jaas-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-jmx-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-jndi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-jsp-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-openid-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-plus-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-proxy-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-security-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-server-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-servlets-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-start-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-util-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-webapp-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.4:jetty-xml-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-annotations-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-ant-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-cdi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-client-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-continuation-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-deploy-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-http-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-io-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-jaas-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-jmx-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-jndi-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-jsp-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-openid-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-plus-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-proxy-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-security-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-server-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-servlets-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-start-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-util-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-webapp-9.4.51-150200.3.19.2.noarch",
          "openSUSE Leap 15.5:jetty-xml-9.4.51-150200.3.19.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-26049",
          "url": "https://www.suse.com/security/cve/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210621 for CVE-2023-26049",
          "url": "https://bugzilla.suse.com/1210621"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-annotations-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-ant-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-cdi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-client-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-continuation-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-deploy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-http-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-io-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jaas-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jmx-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jndi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jsp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-openid-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-plus-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-proxy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-security-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-server-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-servlets-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-start-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-util-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-webapp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-xml-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-annotations-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-ant-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-cdi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-client-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-continuation-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-deploy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-http-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-io-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jaas-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jmx-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jndi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jsp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-openid-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-plus-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-proxy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-security-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-server-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-servlets-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-start-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-util-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-webapp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-xml-9.4.51-150200.3.19.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-http-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-io-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-security-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-server-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-9.4.51-150200.3.19.2.noarch",
            "SUSE Linux Enterprise Real Time 15 SP3:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-annotations-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-ant-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-cdi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-client-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-continuation-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-deploy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-http-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-io-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jaas-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jmx-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jndi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-jsp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-openid-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-plus-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-proxy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-security-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-server-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-servlets-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-start-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-util-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-webapp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.4:jetty-xml-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-annotations-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-ant-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-cdi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-client-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-continuation-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-deploy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-fcgi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-http-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-http-spi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-io-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jaas-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jmx-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jndi-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-jsp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-openid-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-plus-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-proxy-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-quickstart-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-rewrite-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-security-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-server-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-servlet-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-servlets-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-start-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-util-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-util-ajax-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-webapp-9.4.51-150200.3.19.2.noarch",
            "openSUSE Leap 15.5:jetty-xml-9.4.51-150200.3.19.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-19T07:57:32Z",
          "details": "low"
        }
      ],
      "title": "CVE-2023-26049"
    }
  ]
}

WID-SEC-W-2023-1009

Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2025-05-29 22:00

Summary

Eclipse Jetty: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2023-26048

Affected products

Known affected 22 products

Product	Identifier	Version
Broadcom Brocade SANnav <2.3.1a Broadcom / Brocade SANnav		<2.3.1a
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Integration Bus IBM	`cpe:/a:ibm:integration_bus:-`	—
IBM Maximo Asset Management 7.6.1 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1`	7.6.1
Hitachi Ops Center <Analyzer 10.9.3-00 Hitachi / Ops Center		<Analyzer 10.9.3-00
Hitachi Ops Center <Viewpoint 10.9.3-00 Hitachi / Ops Center		<Viewpoint 10.9.3-00
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
NetApp ActiveIQ Unified Manager for Linux NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_linux`	for Linux
IBM Operational Decision Manager 8.10.x IBM / Operational Decision Manager	`cpe:/a:ibm:operational_decision_manager:8.10.x`	8.10.x
IBM Operational Decision Manager 8.11.x IBM / Operational Decision Manager	`cpe:/a:ibm:operational_decision_manager:8.11.x`	8.11.x
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM Business Automation Workflow IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:-`	—
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Business Automation Workflow <interim fix DT213400 IBM / Business Automation Workflow		<interim fix DT213400
IBM Rational Change <5.3.2.6 IBM / Rational Change		<5.3.2.6
IBM Maximo Asset Management 7.6.1.3 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1.3`	7.6.1.3
Eclipse Jetty <9.4.51 Eclipse / Jetty		<9.4.51
Red Hat JBoss Enterprise Application Platform Red Hat	`cpe:/a:redhat:jboss_enterprise_application_platform:-`	—
Eclipse Jetty <11.0.15 Eclipse / Jetty		<11.0.15
Eclipse Jetty <10.0.15 Eclipse / Jetty		<10.0.15

CVE-2023-26049

Affected products

Known affected 22 products

Product	Identifier	Version
Broadcom Brocade SANnav <2.3.1a Broadcom / Brocade SANnav		<2.3.1a
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Integration Bus IBM	`cpe:/a:ibm:integration_bus:-`	—
IBM Maximo Asset Management 7.6.1 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1`	7.6.1
Hitachi Ops Center <Analyzer 10.9.3-00 Hitachi / Ops Center		<Analyzer 10.9.3-00
Hitachi Ops Center <Viewpoint 10.9.3-00 Hitachi / Ops Center		<Viewpoint 10.9.3-00
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
NetApp ActiveIQ Unified Manager for Linux NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_linux`	for Linux
IBM Operational Decision Manager 8.10.x IBM / Operational Decision Manager	`cpe:/a:ibm:operational_decision_manager:8.10.x`	8.10.x
IBM Operational Decision Manager 8.11.x IBM / Operational Decision Manager	`cpe:/a:ibm:operational_decision_manager:8.11.x`	8.11.x
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM Business Automation Workflow IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:-`	—
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Business Automation Workflow <interim fix DT213400 IBM / Business Automation Workflow		<interim fix DT213400
IBM Rational Change <5.3.2.6 IBM / Rational Change		<5.3.2.6
IBM Maximo Asset Management 7.6.1.3 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1.3`	7.6.1.3
Eclipse Jetty <9.4.51 Eclipse / Jetty		<9.4.51
Red Hat JBoss Enterprise Application Platform Red Hat	`cpe:/a:redhat:jboss_enterprise_application_platform:-`	—
Eclipse Jetty <11.0.15 Eclipse / Jetty		<11.0.15
Eclipse Jetty <10.0.15 Eclipse / Jetty		<10.0.15

References

30 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.eclipse.org/lists/jetty-announce/msg0…	external
https://www.ibm.com/support/pages/node/6995451	external
https://security.netapp.com/advisory/ntap-2023052…	external
https://www.ibm.com/support/pages/node/7001787	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7014917	external
https://access.redhat.com/errata/RHSA-2023:5165	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-lts-announce/2023…	external
https://www.hitachi.com/products/it/software/secu…	external
https://access.redhat.com/errata/RHSA-2023:5441	external
https://www.ibm.com/support/pages/node/7067421	external
https://www.ibm.com/support/pages/node/7067416	external
https://www.ibm.com/support/pages/node/7070740	external
https://www.ibm.com/support/pages/node/7082766	external
https://access.redhat.com/errata/RHSA-2023:7638	external
https://access.redhat.com/errata/RHSA-2023:7641	external
https://access.redhat.com/errata/RHSA-2023:7639	external
https://access.redhat.com/errata/RHSA-2023:7637	external
https://www.ibm.com/support/pages/node/7099297	external
https://access.redhat.com/errata/RHSA-2024:0778	external
https://access.redhat.com/errata/RHSA-2024:0804	external
https://access.redhat.com/errata/RHSA-2024:0799	external
https://www.ibm.com/support/pages/node/7153639	external
https://access.redhat.com/errata/RHSA-2024:3385	external
https://www.ibm.com/support/pages/node/7156278	external
https://support.broadcom.com/web/ecx/support-cont…	external
https://www.ibm.com/support/pages/node/7235064	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1009 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1009.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1009 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1009"
      },
      {
        "category": "external",
        "summary": "Eclipse Security Advisory vom 2023-04-18",
        "url": "https://www.eclipse.org/lists/jetty-announce/msg00176.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6995451 vom 2023-05-18",
        "url": "https://www.ibm.com/support/pages/node/6995451"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20230526-0001 vom 2023-05-26",
        "url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7001787 vom 2023-06-07",
        "url": "https://www.ibm.com/support/pages/node/7001787"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2539-1 vom 2023-06-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015228.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7014917 vom 2023-08-01",
        "url": "https://www.ibm.com/support/pages/node/7014917"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14",
        "url": "https://access.redhat.com/errata/RHSA-2023:5165"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5507 vom 2023-09-29",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00200.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3592 vom 2023-09-30",
        "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5441 vom 2023-10-04",
        "url": "https://access.redhat.com/errata/RHSA-2023:5441"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7067421 vom 2023-11-07",
        "url": "https://www.ibm.com/support/pages/node/7067421"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7067416 vom 2023-11-07 vom 2023-11-06",
        "url": "https://www.ibm.com/support/pages/node/7067416"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7070740 vom 2023-11-16",
        "url": "https://www.ibm.com/support/pages/node/7070740"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7082766 vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7082766"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7638 vom 2023-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:7638"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7641 vom 2023-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:7641"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7639 vom 2023-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:7639"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7637 vom 2023-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:7637"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7099297 vom 2023-12-18",
        "url": "https://www.ibm.com/support/pages/node/7099297"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:0778"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0804 vom 2024-02-13",
        "url": "https://access.redhat.com/errata/RHSA-2024:0804"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0799 vom 2024-02-14",
        "url": "https://access.redhat.com/errata/RHSA-2024:0799"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
        "url": "https://www.ibm.com/support/pages/node/7153639"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3385 vom 2024-05-28",
        "url": "https://access.redhat.com/errata/RHSA-2024:3385"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156278 vom 2024-06-03",
        "url": "https://www.ibm.com/support/pages/node/7156278"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2024-2756 vom 2024-11-02",
        "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25087"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7235064 vom 2025-05-29",
        "url": "https://www.ibm.com/support/pages/node/7235064"
      }
    ],
    "source_lang": "en-US",
    "title": "Eclipse Jetty: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-05-29T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-30T09:12:24.350+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2023-1009",
      "initial_release_date": "2023-04-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-05-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-05-29T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von NetApp aufgenommen"
        },
        {
          "date": "2023-06-06T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-18T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-07-31T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-09-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-09-28T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-10-01T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-10-03T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2023-10-04T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-06T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-11-16T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2023-11-27T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-12-04T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-18T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-02-11T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-13T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-16T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-03T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-03T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von BROCADE aufgenommen"
        },
        {
          "date": "2025-05-29T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "23"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.3.1a",
                "product": {
                  "name": "Broadcom Brocade SANnav \u003c2.3.1a",
                  "product_id": "T038317"
                }
              },
              {
                "category": "product_version",
                "name": "2.3.1a",
                "product": {
                  "name": "Broadcom Brocade SANnav 2.3.1a",
                  "product_id": "T038317-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1a"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Brocade SANnav"
          }
        ],
        "category": "vendor",
        "name": "Broadcom"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c11.0.15",
                "product": {
                  "name": "Eclipse Jetty \u003c11.0.15",
                  "product_id": "T027452"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.15",
                "product": {
                  "name": "Eclipse Jetty 11.0.15",
                  "product_id": "T027452-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:11.0.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.15",
                "product": {
                  "name": "Eclipse Jetty \u003c10.0.15",
                  "product_id": "T027453"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.15",
                "product": {
                  "name": "Eclipse Jetty 10.0.15",
                  "product_id": "T027453-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:10.0.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.51",
                "product": {
                  "name": "Eclipse Jetty \u003c9.4.51",
                  "product_id": "T027454"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.51",
                "product": {
                  "name": "Eclipse Jetty 9.4.51",
                  "product_id": "T027454-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:9.4.51"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jetty"
          }
        ],
        "category": "vendor",
        "name": "Eclipse"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cAnalyzer 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center \u003cAnalyzer 10.9.3-00",
                  "product_id": "T030196"
                }
              },
              {
                "category": "product_version",
                "name": "Analyzer 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center Analyzer 10.9.3-00",
                  "product_id": "T030196-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hitachi:ops_center:analyzer_10.9.3-00"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cViewpoint 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center \u003cViewpoint 10.9.3-00",
                  "product_id": "T030197"
                }
              },
              {
                "category": "product_version",
                "name": "Viewpoint 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center Viewpoint 10.9.3-00",
                  "product_id": "T030197-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hitachi:ops_center:viewpoint_10.9.3-00"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ops Center"
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Business Automation Workflow",
                "product": {
                  "name": "IBM Business Automation Workflow",
                  "product_id": "T019704",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cinterim fix DT213400",
                "product": {
                  "name": "IBM Business Automation Workflow \u003cinterim fix DT213400",
                  "product_id": "T027778"
                }
              },
              {
                "category": "product_version",
                "name": "interim fix DT213400",
                "product": {
                  "name": "IBM Business Automation Workflow interim fix DT213400",
                  "product_id": "T027778-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:interim_fix_dt213400"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.7",
                "product": {
                  "name": "IBM InfoSphere Information Server 11.7",
                  "product_id": "444803",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "InfoSphere Information Server"
          },
          {
            "category": "product_name",
            "name": "IBM Integration Bus",
            "product": {
              "name": "IBM Integration Bus",
              "product_id": "T011169",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:integration_bus:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.6.1.3",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.1.3",
                  "product_id": "1234217",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.1",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.1",
                  "product_id": "389168",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Maximo Asset Management"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.10.x",
                "product": {
                  "name": "IBM Operational Decision Manager 8.10.x",
                  "product_id": "T027827",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:operational_decision_manager:8.10.x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.11.x",
                "product": {
                  "name": "IBM Operational Decision Manager 8.11.x",
                  "product_id": "T027828",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:operational_decision_manager:8.11.x"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Operational Decision Manager"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.3.2.6",
                "product": {
                  "name": "IBM Rational Change \u003c5.3.2.6",
                  "product_id": "T028986"
                }
              },
              {
                "category": "product_version",
                "name": "5.3.2.6",
                "product": {
                  "name": "IBM Rational Change 5.3.2.6",
                  "product_id": "T028986-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_change:5.3.2.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Change"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for Linux",
                "product": {
                  "name": "NetApp ActiveIQ Unified Manager for Linux",
                  "product_id": "T023548",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_linux"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Microsoft Windows",
                "product": {
                  "name": "NetApp ActiveIQ Unified Manager for Microsoft Windows",
                  "product_id": "T025631",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ActiveIQ Unified Manager"
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Red Hat JBoss Enterprise Application Platform",
            "product": {
              "name": "Red Hat JBoss Enterprise Application Platform",
              "product_id": "T003085",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26048",
      "product_status": {
        "known_affected": [
          "T038317",
          "67646",
          "T011169",
          "389168",
          "T030196",
          "T030197",
          "T022954",
          "T023548",
          "T027827",
          "T027828",
          "2951",
          "T002207",
          "444803",
          "T019704",
          "T025631",
          "T027778",
          "T028986",
          "1234217",
          "T027454",
          "T003085",
          "T027452",
          "T027453"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-26048"
    },
    {
      "cve": "CVE-2023-26049",
      "product_status": {
        "known_affected": [
          "T038317",
          "67646",
          "T011169",
          "389168",
          "T030196",
          "T030197",
          "T022954",
          "T023548",
          "T027827",
          "T027828",
          "2951",
          "T002207",
          "444803",
          "T019704",
          "T025631",
          "T027778",
          "T028986",
          "1234217",
          "T027454",
          "T003085",
          "T027452",
          "T027453"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-26049"
    }
  ]
}

WID-SEC-W-2023-2625

Vulnerability from csaf_certbund - Published: 2023-10-10 22:00 - Updated: 2024-08-15 22:00

Summary

IBM QRadar SIEM: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.

Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux

CVE-2016-1000027

In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2020-13956

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2022-21426

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2022-25147

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2022-3564

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2022-40609

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2022-48339

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-20867

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-21830

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-21843

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-21930

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-21937

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-21938

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-21939

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-21954

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-21967

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-21968

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-24998

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-25652

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-2597

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-26048

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-26049

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-2828

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-28709

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-29007

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-2976

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-30441

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-30994

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-32067

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-32697

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-33201

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-34149

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-34396

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-34453

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-34454

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-34455

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-34981

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-35116

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-38408

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

CVE-2023-40367

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7049133	external
https://www.ibm.com/support/pages/node/7165686	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2625 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2625.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2625 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2625"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7049133 vom 2023-10-10",
        "url": "https://www.ibm.com/support/pages/node/7049133"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7165686 vom 2024-08-16",
        "url": "https://www.ibm.com/support/pages/node/7165686"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM QRadar SIEM: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-08-15T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-16T10:07:42.179+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2625",
      "initial_release_date": "2023-10-10T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-10T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-08-15T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP7",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP7",
                  "product_id": "T030425"
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-1000027",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2016-1000027"
    },
    {
      "cve": "CVE-2020-13956",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2022-21426",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2022-21426"
    },
    {
      "cve": "CVE-2022-25147",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2022-25147"
    },
    {
      "cve": "CVE-2022-3564",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2022-3564"
    },
    {
      "cve": "CVE-2022-40609",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2022-40609"
    },
    {
      "cve": "CVE-2022-48339",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2022-48339"
    },
    {
      "cve": "CVE-2023-20867",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-20867"
    },
    {
      "cve": "CVE-2023-21830",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-21830"
    },
    {
      "cve": "CVE-2023-21843",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-21843"
    },
    {
      "cve": "CVE-2023-21930",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-21930"
    },
    {
      "cve": "CVE-2023-21937",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-21937"
    },
    {
      "cve": "CVE-2023-21938",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-21938"
    },
    {
      "cve": "CVE-2023-21939",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-21939"
    },
    {
      "cve": "CVE-2023-21954",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-21954"
    },
    {
      "cve": "CVE-2023-21967",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-21967"
    },
    {
      "cve": "CVE-2023-21968",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-21968"
    },
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-25652",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-25652"
    },
    {
      "cve": "CVE-2023-2597",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-2597"
    },
    {
      "cve": "CVE-2023-26048",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-26048"
    },
    {
      "cve": "CVE-2023-26049",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-26049"
    },
    {
      "cve": "CVE-2023-2828",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-2828"
    },
    {
      "cve": "CVE-2023-28709",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-28709"
    },
    {
      "cve": "CVE-2023-29007",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-29007"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-30441",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-30441"
    },
    {
      "cve": "CVE-2023-30994",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-30994"
    },
    {
      "cve": "CVE-2023-32067",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-32067"
    },
    {
      "cve": "CVE-2023-32697",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-32697"
    },
    {
      "cve": "CVE-2023-33201",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-34149",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-34149"
    },
    {
      "cve": "CVE-2023-34396",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-34396"
    },
    {
      "cve": "CVE-2023-34453",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-34453"
    },
    {
      "cve": "CVE-2023-34454",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-34454"
    },
    {
      "cve": "CVE-2023-34455",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-34455"
    },
    {
      "cve": "CVE-2023-34981",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-34981"
    },
    {
      "cve": "CVE-2023-35116",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-38408",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-38408"
    },
    {
      "cve": "CVE-2023-40367",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Puffer\u00fcberl\u00e4ufen, Integer-\u00dcberl\u00e4ufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten geh\u00f6ren Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954"
        ]
      },
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-40367"
    }
  ]
}

WID-SEC-W-2023-2679

Vulnerability from csaf_certbund - Published: 2023-10-17 22:00 - Updated: 2023-10-17 22:00

Summary

Oracle Communications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows - Sonstiges

CVE-2023-41080

In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-4039

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-40167

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-38408

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-3824

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-3635

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-35788

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-34981

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-34462

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-34396

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-34034

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-33201

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-30861

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-2976

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-29491

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-28484

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-26604

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-26049

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-26048

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-2603

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-23931

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-2283

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-22083

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-20883

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-20863

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-0361

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-4899

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-45688

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-45061

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-4492

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-42920

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-40982

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-36944

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-25147

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-24834

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-24329

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2021-41945

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2021-37533

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2020-7760

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuoct2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2679 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2679.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2679 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2679"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Communications vom 2023-10-17",
        "url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixCGBU"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-10-17T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:00:00.988+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2679",
      "initial_release_date": "2023-10-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Communications 3.3",
                "product": {
                  "name": "Oracle Communications 3.3",
                  "product_id": "T020687",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:3.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 5.0",
                "product": {
                  "name": "Oracle Communications 5.0",
                  "product_id": "T021645",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 8.6.0.0",
                "product": {
                  "name": "Oracle Communications 8.6.0.0",
                  "product_id": "T024970",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:8.6.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.0",
                "product": {
                  "name": "Oracle Communications 23.1.0",
                  "product_id": "T027326",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.1",
                "product": {
                  "name": "Oracle Communications 23.1.1",
                  "product_id": "T027329",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 4.0",
                "product": {
                  "name": "Oracle Communications 4.0",
                  "product_id": "T027337",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.2",
                "product": {
                  "name": "Oracle Communications 23.1.2",
                  "product_id": "T028681",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.2.0",
                "product": {
                  "name": "Oracle Communications 23.2.0",
                  "product_id": "T028682",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 5.1",
                "product": {
                  "name": "Oracle Communications 5.1",
                  "product_id": "T028684",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.1.1.5.0",
                "product": {
                  "name": "Oracle Communications 9.1.1.5.0",
                  "product_id": "T028685",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1.1.5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 23.1.7",
                "product": {
                  "name": "Oracle Communications \u003c= 23.1.7",
                  "product_id": "T030582",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 23.2.2",
                "product": {
                  "name": "Oracle Communications \u003c= 23.2.2",
                  "product_id": "T030583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.3",
                "product": {
                  "name": "Oracle Communications 23.1.3",
                  "product_id": "T030584",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.2.1",
                "product": {
                  "name": "Oracle Communications 23.2.1",
                  "product_id": "T030585",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.3.0",
                "product": {
                  "name": "Oracle Communications 23.3.0",
                  "product_id": "T030586",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 23.1.8",
                "product": {
                  "name": "Oracle Communications \u003c= 23.1.8",
                  "product_id": "T030587",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 23.2.4",
                "product": {
                  "name": "Oracle Communications \u003c= 23.2.4",
                  "product_id": "T030588",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.0.0.0",
                "product": {
                  "name": "Oracle Communications 9.0.0.0",
                  "product_id": "T030589",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 12.6.0.0",
                "product": {
                  "name": "Oracle Communications 12.6.0.0",
                  "product_id": "T030590",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:12.6.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.0.0",
                "product": {
                  "name": "Oracle Communications 23.1.0.0",
                  "product_id": "T030591",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 7.2.0.0.0",
                "product": {
                  "name": "Oracle Communications 7.2.0.0.0",
                  "product_id": "T030592",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 7.2.1.0.0",
                "product": {
                  "name": "Oracle Communications 7.2.1.0.0",
                  "product_id": "T030593",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.2.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.1.1.6.0",
                "product": {
                  "name": "Oracle Communications 9.1.1.6.0",
                  "product_id": "T030594",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1.1.6.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 9.0.2",
                "product": {
                  "name": "Oracle Communications \u003c= 9.0.2",
                  "product_id": "T030595",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 4.1",
                "product": {
                  "name": "Oracle Communications 4.1",
                  "product_id": "T030596",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 9.2",
                "product": {
                  "name": "Oracle Communications \u003c= 9.2",
                  "product_id": "T030597",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-41080",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-41080"
    },
    {
      "cve": "CVE-2023-4039",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-4039"
    },
    {
      "cve": "CVE-2023-40167",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-40167"
    },
    {
      "cve": "CVE-2023-38408",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-38408"
    },
    {
      "cve": "CVE-2023-3824",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-3824"
    },
    {
      "cve": "CVE-2023-3635",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-3635"
    },
    {
      "cve": "CVE-2023-35788",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-35788"
    },
    {
      "cve": "CVE-2023-34981",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34981"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2023-34396",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34396"
    },
    {
      "cve": "CVE-2023-34034",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34034"
    },
    {
      "cve": "CVE-2023-33201",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-30861",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-30861"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-29491",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-29491"
    },
    {
      "cve": "CVE-2023-28484",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-28484"
    },
    {
      "cve": "CVE-2023-26604",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-26604"
    },
    {
      "cve": "CVE-2023-26049",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-26049"
    },
    {
      "cve": "CVE-2023-26048",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-26048"
    },
    {
      "cve": "CVE-2023-2603",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-2603"
    },
    {
      "cve": "CVE-2023-23931",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-23931"
    },
    {
      "cve": "CVE-2023-2283",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-2283"
    },
    {
      "cve": "CVE-2023-22083",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22083"
    },
    {
      "cve": "CVE-2023-20883",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-20883"
    },
    {
      "cve": "CVE-2023-20863",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-0361",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-0361"
    },
    {
      "cve": "CVE-2022-4899",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-4899"
    },
    {
      "cve": "CVE-2022-45688",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2022-45061",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45061"
    },
    {
      "cve": "CVE-2022-4492",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-4492"
    },
    {
      "cve": "CVE-2022-42920",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-42920"
    },
    {
      "cve": "CVE-2022-40982",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-40982"
    },
    {
      "cve": "CVE-2022-36944",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-36944"
    },
    {
      "cve": "CVE-2022-25147",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-25147"
    },
    {
      "cve": "CVE-2022-24834",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-24834"
    },
    {
      "cve": "CVE-2022-24329",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-24329"
    },
    {
      "cve": "CVE-2021-41945",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-41945"
    },
    {
      "cve": "CVE-2021-37533",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2020-7760",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2020-7760"
    }
  ]
}

WID-SEC-W-2024-0794

Vulnerability from csaf_certbund - Published: 2024-04-04 22:00 - Updated: 2024-11-27 23:00

Summary

Dell ECS: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Dell ECS ist ein Objektspeichersystem.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2018-18074

In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-10663

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-10672

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-10673

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-10735

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-10968

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-10969

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-11111

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-11112

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-11113

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-11612

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-11619

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-11620

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-11979

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-12762

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-12825

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-13956

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-14060

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-14061

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-14062

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-14195

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-15250

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-1945

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-1967

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-1971

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-24616

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-24750

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-25649

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-25658

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-26116

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-26137

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-26541

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-27216

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-27218

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-27223

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-28366

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-28493

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-29509

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-29511

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-29582

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-29651

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-35490

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-35491

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-35728

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36179

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36180

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36181

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36182

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36183

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36184

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36185

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36186

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36187

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36188

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36189

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36516

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36518

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36557

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36558

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-36691

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-7238

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-8840

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-8908

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-8911

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-8912

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-9488

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-9493

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-9546

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-9547

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2020-9548

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-20190

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-20323

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-21290

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-21295

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-21409

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-23840

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-23841

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-2471

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-25642

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-26341

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-27918

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-28153

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-28165

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-28169

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-28861

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-29425

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-30560

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3114

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-33036

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-33194

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-33195

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-33196

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-33197

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-33503

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-33655

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-33656

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3424

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-34428

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3449

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3450

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3530

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-36221

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-36373

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-36374

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3648

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-36690

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3711

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3712

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-37136

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-37137

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-37404

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-37533

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3754

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3778

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3796

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3826

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3827

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-38297

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3872

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3875

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3903

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3923

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3927

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3928

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3968

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3973

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3974

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-3984

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4019

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4037

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4069

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4104

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4136

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4157

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4166

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-41771

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4192

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4193

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-4203

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-42567

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-43797

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-44531

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-44532

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-44533

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-44716

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-44878

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-45078

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-46195

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-46828

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2021-46848

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0128

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0213

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0225

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0261

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0318

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0319

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0351

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0359

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0361

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0392

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0407

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0413

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0561

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0696

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-0778

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1184

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1245

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1271

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1292

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1381

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1420

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1462

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1466

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1471

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1586

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1587

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1616

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1619

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1620

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1679

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1705

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1720

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1729

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1733

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1735

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1771

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1785

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1796

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1851

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1897

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1898

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1927

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1962

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1968

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1974

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-1975

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-20132

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-20141

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-20154

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-20166

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-20368

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-20369

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2047

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2048

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-20567

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2068

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2097

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21216

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21233

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2124

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2125

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2126

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2129

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21363

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21385

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21499

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2153

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21540

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21541

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21549

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21618

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21619

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21624

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21626

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21628

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-21702

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2175

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2182

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2183

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2206

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2207

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2208

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2210

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2231

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2256

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2257

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2264

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2284

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2285

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2286

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2287

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-22976

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-22978

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2304

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2318

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-23302

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-23305

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-23307

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2343

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2344

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2345

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-23471

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-23521

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-23772

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-23773

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-24302

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-24329

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-24823

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-24903

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2503

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-25147

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-25168

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2519

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2520

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2521

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2522

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-25647

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2571

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2580

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2581

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-25857

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2588

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2598

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-26148

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-26365

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-26373

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2639

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-26612

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2663

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-27781

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-27782

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-27943

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2795

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-28131

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2816

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2817

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2819

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-28327

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2845

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2849

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2862

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2867

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2868

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2869

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-28693

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2874

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-28748

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2880

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2889

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-29162

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-29187

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2923

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2946

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-29526

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-29583

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2964

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2977

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2980

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2982

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-29900

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-29901

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-2991

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3016

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3028

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3037

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-30580

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-30630

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-30631

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-30632

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-30633

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3099

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-31030

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-31159

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3134

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3153

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3169

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-31690

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-32148

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-32149

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-32206

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-32208

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-32221

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3234

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3235

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3239

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3278

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3296

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3297

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-33196

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3324

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3352

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-33740

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-33741

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-33742

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-33972

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-33981

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-34169

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3424

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-34266

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-34526

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-34903

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3491

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3515

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3520

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3521

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3524

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-35252

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3542

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3545

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3564

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3565

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3566

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3567

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-35737

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3586

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3591

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3594

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3597

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3599

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-36109

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3621

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3626

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3627

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3628

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-36280

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3629

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3635

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3643

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-36437

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3646

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3649

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-36760

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-36879

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-36946

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3705

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-37434

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-37436

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-37865

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-37866

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38090

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38096

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38126

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38127

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38177

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38178

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3821

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38533

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38749

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38750

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38751

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-38752

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-39028

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3903

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-39188

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-39399

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-3970

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40149

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40150

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40151

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40152

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40153

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40303

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40304

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40307

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40674

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40768

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-40899

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4095

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41218

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4129

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4141

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41717

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41721

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41848

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41850

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41854

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41858

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41881

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41903

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41915

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41966

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-41974

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42003

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42004

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42010

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42011

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42012

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42328

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42329

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42703

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42889

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42895

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42896

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42898

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4292

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4293

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-42969

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4304

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-43552

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-43680

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-43750

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4378

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-43945

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-43995

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4415

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4450

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-44638

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-45061

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-45688

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-45884

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-45885

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-45886

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-45887

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-45919

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-45934

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-45939

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-4662

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-46751

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-46908

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-47629

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-47929

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-48281

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-48337

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2022-48339

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0045

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0049

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0051

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0054

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0215

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0286

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0288

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0433

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0464

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0465

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0466

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0512

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0590

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0597

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-0833

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1076

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1095

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1118

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1127

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1170

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1175

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1370

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1380

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1390

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1436

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1513

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1611

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1670

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1855

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1989

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1990

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-1998

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-20862

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2124

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2162

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2176

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21830

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21835

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21843

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21930

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21937

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21938

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21939

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2194

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21954

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21967

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-21968

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-22490

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2253

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-22809

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-23454

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-23455

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-23559

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-23916

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-23946

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-24329

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-24532

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-24534

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2483

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-24998

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2513

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-25193

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-25652

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-25690

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-25809

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-25815

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-26048

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-26049

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2650

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-26545

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-26604

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-27533

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-27534

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-27535

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-27536

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-27538

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-27561

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2828

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28320

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28321

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28322

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28328

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28464

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28486

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28487

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28642

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28772

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28840

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28841

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-28842

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-29007

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-29383

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-29402

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-29406

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-29409

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-2976

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-30630

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-30772

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-31084

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-3138

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-31436

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-31484

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-32269

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-32697

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-33264

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-34034

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-34035

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-34453

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-34454

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-34455

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-34462

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-35116

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-3635

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-36479

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-39533

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-40167

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-40217

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-41105

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-41900

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-43642

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-43804

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-44487

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2023-45803

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

CVE-2024-21626

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Dell ECS <3.8.1.0 Dell / ECS		<3.8.1.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.dell.com/support/kbdoc/000223839/dsa-2024-=	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Dell ECS ist ein Objektspeichersystem.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0794 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0794 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-141 vom 2024-04-04",
        "url": "https://www.dell.com/support/kbdoc/000223839/dsa-2024-="
      }
    ],
    "source_lang": "en-US",
    "title": "Dell ECS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-27T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-28T11:39:04.623+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-0794",
      "initial_release_date": "2024-04-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-27T23:00:00.000+00:00",
          "number": "2",
          "summary": "Produktzuordnung \u00fcberpr\u00fcft"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.8.1.0",
                "product": {
                  "name": "Dell ECS \u003c3.8.1.0",
                  "product_id": "T033919"
                }
              },
              {
                "category": "product_version",
                "name": "3.8.1.0",
                "product": {
                  "name": "Dell ECS 3.8.1.0",
                  "product_id": "T033919-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:ecs:3.8.1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ECS"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-18074",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2018-18074"
    },
    {
      "cve": "CVE-2020-10663",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10663"
    },
    {
      "cve": "CVE-2020-10672",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10672"
    },
    {
      "cve": "CVE-2020-10673",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10673"
    },
    {
      "cve": "CVE-2020-10735",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10735"
    },
    {
      "cve": "CVE-2020-10968",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10968"
    },
    {
      "cve": "CVE-2020-10969",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10969"
    },
    {
      "cve": "CVE-2020-11111",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11111"
    },
    {
      "cve": "CVE-2020-11112",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11112"
    },
    {
      "cve": "CVE-2020-11113",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11113"
    },
    {
      "cve": "CVE-2020-11612",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11612"
    },
    {
      "cve": "CVE-2020-11619",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11619"
    },
    {
      "cve": "CVE-2020-11620",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11620"
    },
    {
      "cve": "CVE-2020-11979",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11979"
    },
    {
      "cve": "CVE-2020-12762",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-12762"
    },
    {
      "cve": "CVE-2020-12825",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-12825"
    },
    {
      "cve": "CVE-2020-13956",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2020-14060",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-14060"
    },
    {
      "cve": "CVE-2020-14061",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-14061"
    },
    {
      "cve": "CVE-2020-14062",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-14062"
    },
    {
      "cve": "CVE-2020-14195",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-14195"
    },
    {
      "cve": "CVE-2020-15250",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-15250"
    },
    {
      "cve": "CVE-2020-1945",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-1945"
    },
    {
      "cve": "CVE-2020-1967",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-1967"
    },
    {
      "cve": "CVE-2020-1971",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-1971"
    },
    {
      "cve": "CVE-2020-24616",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-24616"
    },
    {
      "cve": "CVE-2020-24750",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-24750"
    },
    {
      "cve": "CVE-2020-25649",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-25649"
    },
    {
      "cve": "CVE-2020-25658",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-25658"
    },
    {
      "cve": "CVE-2020-26116",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-26116"
    },
    {
      "cve": "CVE-2020-26137",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-26137"
    },
    {
      "cve": "CVE-2020-26541",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-26541"
    },
    {
      "cve": "CVE-2020-27216",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-27216"
    },
    {
      "cve": "CVE-2020-27218",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-27218"
    },
    {
      "cve": "CVE-2020-27223",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-27223"
    },
    {
      "cve": "CVE-2020-28366",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-28366"
    },
    {
      "cve": "CVE-2020-28493",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-28493"
    },
    {
      "cve": "CVE-2020-29509",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-29509"
    },
    {
      "cve": "CVE-2020-29511",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-29511"
    },
    {
      "cve": "CVE-2020-29582",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-29582"
    },
    {
      "cve": "CVE-2020-29651",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-29651"
    },
    {
      "cve": "CVE-2020-35490",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-35490"
    },
    {
      "cve": "CVE-2020-35491",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-35491"
    },
    {
      "cve": "CVE-2020-35728",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-35728"
    },
    {
      "cve": "CVE-2020-36179",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36179"
    },
    {
      "cve": "CVE-2020-36180",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36180"
    },
    {
      "cve": "CVE-2020-36181",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36181"
    },
    {
      "cve": "CVE-2020-36182",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36182"
    },
    {
      "cve": "CVE-2020-36183",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36183"
    },
    {
      "cve": "CVE-2020-36184",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36184"
    },
    {
      "cve": "CVE-2020-36185",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36185"
    },
    {
      "cve": "CVE-2020-36186",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36186"
    },
    {
      "cve": "CVE-2020-36187",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36187"
    },
    {
      "cve": "CVE-2020-36188",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36188"
    },
    {
      "cve": "CVE-2020-36189",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36189"
    },
    {
      "cve": "CVE-2020-36516",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36516"
    },
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2020-36557",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36557"
    },
    {
      "cve": "CVE-2020-36558",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36558"
    },
    {
      "cve": "CVE-2020-36691",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36691"
    },
    {
      "cve": "CVE-2020-7238",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-7238"
    },
    {
      "cve": "CVE-2020-8840",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-8840"
    },
    {
      "cve": "CVE-2020-8908",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-8908"
    },
    {
      "cve": "CVE-2020-8911",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-8911"
    },
    {
      "cve": "CVE-2020-8912",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-8912"
    },
    {
      "cve": "CVE-2020-9488",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9488"
    },
    {
      "cve": "CVE-2020-9493",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9493"
    },
    {
      "cve": "CVE-2020-9546",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9546"
    },
    {
      "cve": "CVE-2020-9547",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9547"
    },
    {
      "cve": "CVE-2020-9548",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9548"
    },
    {
      "cve": "CVE-2021-20190",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-20190"
    },
    {
      "cve": "CVE-2021-20323",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-20323"
    },
    {
      "cve": "CVE-2021-21290",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-21290"
    },
    {
      "cve": "CVE-2021-21295",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-21295"
    },
    {
      "cve": "CVE-2021-21409",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-21409"
    },
    {
      "cve": "CVE-2021-23840",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-23840"
    },
    {
      "cve": "CVE-2021-23841",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-23841"
    },
    {
      "cve": "CVE-2021-2471",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-2471"
    },
    {
      "cve": "CVE-2021-25642",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-25642"
    },
    {
      "cve": "CVE-2021-26341",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-26341"
    },
    {
      "cve": "CVE-2021-27918",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-27918"
    },
    {
      "cve": "CVE-2021-28153",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-28153"
    },
    {
      "cve": "CVE-2021-28165",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-28165"
    },
    {
      "cve": "CVE-2021-28169",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-28169"
    },
    {
      "cve": "CVE-2021-28861",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-28861"
    },
    {
      "cve": "CVE-2021-29425",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2021-30560",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-30560"
    },
    {
      "cve": "CVE-2021-3114",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3114"
    },
    {
      "cve": "CVE-2021-33036",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33036"
    },
    {
      "cve": "CVE-2021-33194",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33194"
    },
    {
      "cve": "CVE-2021-33195",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33195"
    },
    {
      "cve": "CVE-2021-33196",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33196"
    },
    {
      "cve": "CVE-2021-33197",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33197"
    },
    {
      "cve": "CVE-2021-33503",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33503"
    },
    {
      "cve": "CVE-2021-33655",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33655"
    },
    {
      "cve": "CVE-2021-33656",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33656"
    },
    {
      "cve": "CVE-2021-3424",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3424"
    },
    {
      "cve": "CVE-2021-34428",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-34428"
    },
    {
      "cve": "CVE-2021-3449",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3449"
    },
    {
      "cve": "CVE-2021-3450",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3450"
    },
    {
      "cve": "CVE-2021-3530",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3530"
    },
    {
      "cve": "CVE-2021-36221",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-36221"
    },
    {
      "cve": "CVE-2021-36373",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-36373"
    },
    {
      "cve": "CVE-2021-36374",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-36374"
    },
    {
      "cve": "CVE-2021-3648",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3648"
    },
    {
      "cve": "CVE-2021-36690",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-36690"
    },
    {
      "cve": "CVE-2021-3711",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3711"
    },
    {
      "cve": "CVE-2021-3712",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3712"
    },
    {
      "cve": "CVE-2021-37136",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-37136"
    },
    {
      "cve": "CVE-2021-37137",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-37137"
    },
    {
      "cve": "CVE-2021-37404",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-37404"
    },
    {
      "cve": "CVE-2021-37533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2021-3754",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3754"
    },
    {
      "cve": "CVE-2021-3778",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3778"
    },
    {
      "cve": "CVE-2021-3796",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3796"
    },
    {
      "cve": "CVE-2021-3826",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3826"
    },
    {
      "cve": "CVE-2021-3827",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3827"
    },
    {
      "cve": "CVE-2021-38297",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-38297"
    },
    {
      "cve": "CVE-2021-3872",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3872"
    },
    {
      "cve": "CVE-2021-3875",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3875"
    },
    {
      "cve": "CVE-2021-3903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3903"
    },
    {
      "cve": "CVE-2021-3923",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3923"
    },
    {
      "cve": "CVE-2021-3927",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3927"
    },
    {
      "cve": "CVE-2021-3928",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3928"
    },
    {
      "cve": "CVE-2021-3968",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3968"
    },
    {
      "cve": "CVE-2021-3973",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3973"
    },
    {
      "cve": "CVE-2021-3974",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3974"
    },
    {
      "cve": "CVE-2021-3984",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3984"
    },
    {
      "cve": "CVE-2021-4019",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4019"
    },
    {
      "cve": "CVE-2021-4037",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4037"
    },
    {
      "cve": "CVE-2021-4069",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4069"
    },
    {
      "cve": "CVE-2021-4104",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4104"
    },
    {
      "cve": "CVE-2021-4136",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4136"
    },
    {
      "cve": "CVE-2021-4157",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4157"
    },
    {
      "cve": "CVE-2021-4166",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4166"
    },
    {
      "cve": "CVE-2021-41771",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-41771"
    },
    {
      "cve": "CVE-2021-4192",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4192"
    },
    {
      "cve": "CVE-2021-4193",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4193"
    },
    {
      "cve": "CVE-2021-4203",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4203"
    },
    {
      "cve": "CVE-2021-42567",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-42567"
    },
    {
      "cve": "CVE-2021-43797",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-43797"
    },
    {
      "cve": "CVE-2021-44531",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44531"
    },
    {
      "cve": "CVE-2021-44532",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44532"
    },
    {
      "cve": "CVE-2021-44533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44533"
    },
    {
      "cve": "CVE-2021-44716",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44878",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44878"
    },
    {
      "cve": "CVE-2021-45078",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-45078"
    },
    {
      "cve": "CVE-2021-46195",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-46195"
    },
    {
      "cve": "CVE-2021-46828",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-46828"
    },
    {
      "cve": "CVE-2021-46848",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-46848"
    },
    {
      "cve": "CVE-2022-0128",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0128"
    },
    {
      "cve": "CVE-2022-0213",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0213"
    },
    {
      "cve": "CVE-2022-0225",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0225"
    },
    {
      "cve": "CVE-2022-0261",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0261"
    },
    {
      "cve": "CVE-2022-0318",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0318"
    },
    {
      "cve": "CVE-2022-0319",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0319"
    },
    {
      "cve": "CVE-2022-0351",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0351"
    },
    {
      "cve": "CVE-2022-0359",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0359"
    },
    {
      "cve": "CVE-2022-0361",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0361"
    },
    {
      "cve": "CVE-2022-0392",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0392"
    },
    {
      "cve": "CVE-2022-0407",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0407"
    },
    {
      "cve": "CVE-2022-0413",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0413"
    },
    {
      "cve": "CVE-2022-0561",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0561"
    },
    {
      "cve": "CVE-2022-0696",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0696"
    },
    {
      "cve": "CVE-2022-0778",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0778"
    },
    {
      "cve": "CVE-2022-1184",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1184"
    },
    {
      "cve": "CVE-2022-1245",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1245"
    },
    {
      "cve": "CVE-2022-1271",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1271"
    },
    {
      "cve": "CVE-2022-1292",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1292"
    },
    {
      "cve": "CVE-2022-1381",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1381"
    },
    {
      "cve": "CVE-2022-1420",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1420"
    },
    {
      "cve": "CVE-2022-1462",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1462"
    },
    {
      "cve": "CVE-2022-1466",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1466"
    },
    {
      "cve": "CVE-2022-1471",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2022-1586",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1586"
    },
    {
      "cve": "CVE-2022-1587",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1587"
    },
    {
      "cve": "CVE-2022-1616",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1616"
    },
    {
      "cve": "CVE-2022-1619",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1619"
    },
    {
      "cve": "CVE-2022-1620",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1620"
    },
    {
      "cve": "CVE-2022-1679",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1679"
    },
    {
      "cve": "CVE-2022-1705",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1720",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1720"
    },
    {
      "cve": "CVE-2022-1729",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1729"
    },
    {
      "cve": "CVE-2022-1733",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1733"
    },
    {
      "cve": "CVE-2022-1735",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1735"
    },
    {
      "cve": "CVE-2022-1771",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1771"
    },
    {
      "cve": "CVE-2022-1785",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1785"
    },
    {
      "cve": "CVE-2022-1796",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1796"
    },
    {
      "cve": "CVE-2022-1851",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1851"
    },
    {
      "cve": "CVE-2022-1897",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1897"
    },
    {
      "cve": "CVE-2022-1898",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1898"
    },
    {
      "cve": "CVE-2022-1927",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1927"
    },
    {
      "cve": "CVE-2022-1962",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-1968",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1968"
    },
    {
      "cve": "CVE-2022-1974",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1974"
    },
    {
      "cve": "CVE-2022-1975",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1975"
    },
    {
      "cve": "CVE-2022-20132",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20132"
    },
    {
      "cve": "CVE-2022-20141",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20141"
    },
    {
      "cve": "CVE-2022-20154",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20154"
    },
    {
      "cve": "CVE-2022-20166",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20166"
    },
    {
      "cve": "CVE-2022-20368",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20368"
    },
    {
      "cve": "CVE-2022-20369",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20369"
    },
    {
      "cve": "CVE-2022-2047",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2047"
    },
    {
      "cve": "CVE-2022-2048",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2048"
    },
    {
      "cve": "CVE-2022-20567",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20567"
    },
    {
      "cve": "CVE-2022-2068",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2068"
    },
    {
      "cve": "CVE-2022-2097",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2097"
    },
    {
      "cve": "CVE-2022-21216",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21216"
    },
    {
      "cve": "CVE-2022-21233",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21233"
    },
    {
      "cve": "CVE-2022-2124",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2124"
    },
    {
      "cve": "CVE-2022-2125",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2125"
    },
    {
      "cve": "CVE-2022-2126",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2126"
    },
    {
      "cve": "CVE-2022-2129",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2129"
    },
    {
      "cve": "CVE-2022-21363",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21363"
    },
    {
      "cve": "CVE-2022-21385",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21385"
    },
    {
      "cve": "CVE-2022-21499",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21499"
    },
    {
      "cve": "CVE-2022-2153",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2153"
    },
    {
      "cve": "CVE-2022-21540",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21540"
    },
    {
      "cve": "CVE-2022-21541",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21541"
    },
    {
      "cve": "CVE-2022-21549",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21549"
    },
    {
      "cve": "CVE-2022-21618",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21618"
    },
    {
      "cve": "CVE-2022-21619",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21619"
    },
    {
      "cve": "CVE-2022-21624",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21624"
    },
    {
      "cve": "CVE-2022-21626",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21626"
    },
    {
      "cve": "CVE-2022-21628",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21628"
    },
    {
      "cve": "CVE-2022-21702",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21702"
    },
    {
      "cve": "CVE-2022-2175",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2175"
    },
    {
      "cve": "CVE-2022-2182",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2182"
    },
    {
      "cve": "CVE-2022-2183",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2183"
    },
    {
      "cve": "CVE-2022-2206",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2206"
    },
    {
      "cve": "CVE-2022-2207",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2207"
    },
    {
      "cve": "CVE-2022-2208",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2208"
    },
    {
      "cve": "CVE-2022-2210",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2210"
    },
    {
      "cve": "CVE-2022-2231",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2231"
    },
    {
      "cve": "CVE-2022-2256",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2256"
    },
    {
      "cve": "CVE-2022-2257",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2257"
    },
    {
      "cve": "CVE-2022-2264",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2264"
    },
    {
      "cve": "CVE-2022-2284",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2284"
    },
    {
      "cve": "CVE-2022-2285",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2285"
    },
    {
      "cve": "CVE-2022-2286",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2286"
    },
    {
      "cve": "CVE-2022-2287",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2287"
    },
    {
      "cve": "CVE-2022-22976",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-22976"
    },
    {
      "cve": "CVE-2022-22978",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-22978"
    },
    {
      "cve": "CVE-2022-2304",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2304"
    },
    {
      "cve": "CVE-2022-2318",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2318"
    },
    {
      "cve": "CVE-2022-23302",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23302"
    },
    {
      "cve": "CVE-2022-23305",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23305"
    },
    {
      "cve": "CVE-2022-23307",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23307"
    },
    {
      "cve": "CVE-2022-2343",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2343"
    },
    {
      "cve": "CVE-2022-2344",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2344"
    },
    {
      "cve": "CVE-2022-2345",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2345"
    },
    {
      "cve": "CVE-2022-23471",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23471"
    },
    {
      "cve": "CVE-2022-23521",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23521"
    },
    {
      "cve": "CVE-2022-23772",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23773",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-24302",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-24302"
    },
    {
      "cve": "CVE-2022-24329",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-24329"
    },
    {
      "cve": "CVE-2022-24823",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-24823"
    },
    {
      "cve": "CVE-2022-24903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-24903"
    },
    {
      "cve": "CVE-2022-2503",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2503"
    },
    {
      "cve": "CVE-2022-25147",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-25147"
    },
    {
      "cve": "CVE-2022-25168",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-25168"
    },
    {
      "cve": "CVE-2022-2519",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2519"
    },
    {
      "cve": "CVE-2022-2520",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2520"
    },
    {
      "cve": "CVE-2022-2521",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2521"
    },
    {
      "cve": "CVE-2022-2522",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2522"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2022-2571",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2571"
    },
    {
      "cve": "CVE-2022-2580",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2580"
    },
    {
      "cve": "CVE-2022-2581",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2581"
    },
    {
      "cve": "CVE-2022-25857",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-25857"
    },
    {
      "cve": "CVE-2022-2588",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2588"
    },
    {
      "cve": "CVE-2022-2598",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2598"
    },
    {
      "cve": "CVE-2022-26148",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-26148"
    },
    {
      "cve": "CVE-2022-26365",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-26365"
    },
    {
      "cve": "CVE-2022-26373",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-26373"
    },
    {
      "cve": "CVE-2022-2639",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2639"
    },
    {
      "cve": "CVE-2022-26612",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-26612"
    },
    {
      "cve": "CVE-2022-2663",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2663"
    },
    {
      "cve": "CVE-2022-27781",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-27943",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-27943"
    },
    {
      "cve": "CVE-2022-2795",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2795"
    },
    {
      "cve": "CVE-2022-28131",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-2816",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2816"
    },
    {
      "cve": "CVE-2022-2817",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2817"
    },
    {
      "cve": "CVE-2022-2819",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2819"
    },
    {
      "cve": "CVE-2022-28327",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-28327"
    },
    {
      "cve": "CVE-2022-2845",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2845"
    },
    {
      "cve": "CVE-2022-2849",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2849"
    },
    {
      "cve": "CVE-2022-2862",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2862"
    },
    {
      "cve": "CVE-2022-2867",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2867"
    },
    {
      "cve": "CVE-2022-2868",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2868"
    },
    {
      "cve": "CVE-2022-2869",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2869"
    },
    {
      "cve": "CVE-2022-28693",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-28693"
    },
    {
      "cve": "CVE-2022-2874",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2874"
    },
    {
      "cve": "CVE-2022-28748",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-28748"
    },
    {
      "cve": "CVE-2022-2880",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2880"
    },
    {
      "cve": "CVE-2022-2889",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2889"
    },
    {
      "cve": "CVE-2022-29162",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29162"
    },
    {
      "cve": "CVE-2022-29187",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29187"
    },
    {
      "cve": "CVE-2022-2923",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2923"
    },
    {
      "cve": "CVE-2022-2946",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2946"
    },
    {
      "cve": "CVE-2022-29526",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-29583",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29583"
    },
    {
      "cve": "CVE-2022-2964",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2964"
    },
    {
      "cve": "CVE-2022-2977",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2977"
    },
    {
      "cve": "CVE-2022-2980",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2980"
    },
    {
      "cve": "CVE-2022-2982",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2982"
    },
    {
      "cve": "CVE-2022-29900",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29900"
    },
    {
      "cve": "CVE-2022-29901",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29901"
    },
    {
      "cve": "CVE-2022-2991",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2991"
    },
    {
      "cve": "CVE-2022-3016",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3016"
    },
    {
      "cve": "CVE-2022-3028",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3028"
    },
    {
      "cve": "CVE-2022-3037",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3037"
    },
    {
      "cve": "CVE-2022-30580",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30580"
    },
    {
      "cve": "CVE-2022-30630",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-3099",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3099"
    },
    {
      "cve": "CVE-2022-31030",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-31030"
    },
    {
      "cve": "CVE-2022-31159",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-31159"
    },
    {
      "cve": "CVE-2022-3134",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3134"
    },
    {
      "cve": "CVE-2022-3153",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3153"
    },
    {
      "cve": "CVE-2022-3169",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3169"
    },
    {
      "cve": "CVE-2022-31690",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-31690"
    },
    {
      "cve": "CVE-2022-32148",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    },
    {
      "cve": "CVE-2022-32149",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32149"
    },
    {
      "cve": "CVE-2022-32206",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32208",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-3234",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3234"
    },
    {
      "cve": "CVE-2022-3235",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3235"
    },
    {
      "cve": "CVE-2022-3239",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3239"
    },
    {
      "cve": "CVE-2022-3278",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3278"
    },
    {
      "cve": "CVE-2022-3296",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3296"
    },
    {
      "cve": "CVE-2022-3297",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3297"
    },
    {
      "cve": "CVE-2022-33196",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33196"
    },
    {
      "cve": "CVE-2022-3324",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3324"
    },
    {
      "cve": "CVE-2022-3352",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3352"
    },
    {
      "cve": "CVE-2022-33740",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33740"
    },
    {
      "cve": "CVE-2022-33741",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33741"
    },
    {
      "cve": "CVE-2022-33742",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33742"
    },
    {
      "cve": "CVE-2022-33972",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33972"
    },
    {
      "cve": "CVE-2022-33981",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33981"
    },
    {
      "cve": "CVE-2022-34169",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-34169"
    },
    {
      "cve": "CVE-2022-3424",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3424"
    },
    {
      "cve": "CVE-2022-34266",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-34266"
    },
    {
      "cve": "CVE-2022-34526",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-34526"
    },
    {
      "cve": "CVE-2022-34903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-34903"
    },
    {
      "cve": "CVE-2022-3491",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3491"
    },
    {
      "cve": "CVE-2022-3515",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3515"
    },
    {
      "cve": "CVE-2022-3520",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3520"
    },
    {
      "cve": "CVE-2022-3521",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3521"
    },
    {
      "cve": "CVE-2022-3524",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3524"
    },
    {
      "cve": "CVE-2022-35252",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-3542",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3542"
    },
    {
      "cve": "CVE-2022-3545",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3545"
    },
    {
      "cve": "CVE-2022-3564",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3564"
    },
    {
      "cve": "CVE-2022-3565",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3565"
    },
    {
      "cve": "CVE-2022-3566",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3566"
    },
    {
      "cve": "CVE-2022-3567",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3567"
    },
    {
      "cve": "CVE-2022-35737",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-3586",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3586"
    },
    {
      "cve": "CVE-2022-3591",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3591"
    },
    {
      "cve": "CVE-2022-3594",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3594"
    },
    {
      "cve": "CVE-2022-3597",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3597"
    },
    {
      "cve": "CVE-2022-3599",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3599"
    },
    {
      "cve": "CVE-2022-36109",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36109"
    },
    {
      "cve": "CVE-2022-3621",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3621"
    },
    {
      "cve": "CVE-2022-3626",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3626"
    },
    {
      "cve": "CVE-2022-3627",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3627"
    },
    {
      "cve": "CVE-2022-3628",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3628"
    },
    {
      "cve": "CVE-2022-36280",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36280"
    },
    {
      "cve": "CVE-2022-3629",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3629"
    },
    {
      "cve": "CVE-2022-3635",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3635"
    },
    {
      "cve": "CVE-2022-3643",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3643"
    },
    {
      "cve": "CVE-2022-36437",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36437"
    },
    {
      "cve": "CVE-2022-3646",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3646"
    },
    {
      "cve": "CVE-2022-3649",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3649"
    },
    {
      "cve": "CVE-2022-36760",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36760"
    },
    {
      "cve": "CVE-2022-36879",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36879"
    },
    {
      "cve": "CVE-2022-36946",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36946"
    },
    {
      "cve": "CVE-2022-3705",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3705"
    },
    {
      "cve": "CVE-2022-37434",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-37436",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-37436"
    },
    {
      "cve": "CVE-2022-37865",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-37865"
    },
    {
      "cve": "CVE-2022-37866",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-37866"
    },
    {
      "cve": "CVE-2022-38090",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38090"
    },
    {
      "cve": "CVE-2022-38096",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38096"
    },
    {
      "cve": "CVE-2022-38126",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38126"
    },
    {
      "cve": "CVE-2022-38127",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38127"
    },
    {
      "cve": "CVE-2022-38177",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38177"
    },
    {
      "cve": "CVE-2022-38178",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38178"
    },
    {
      "cve": "CVE-2022-3821",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3821"
    },
    {
      "cve": "CVE-2022-38533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38533"
    },
    {
      "cve": "CVE-2022-38749",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38749"
    },
    {
      "cve": "CVE-2022-38750",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38750"
    },
    {
      "cve": "CVE-2022-38751",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38751"
    },
    {
      "cve": "CVE-2022-38752",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38752"
    },
    {
      "cve": "CVE-2022-39028",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-39028"
    },
    {
      "cve": "CVE-2022-3903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3903"
    },
    {
      "cve": "CVE-2022-39188",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-39188"
    },
    {
      "cve": "CVE-2022-39399",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-39399"
    },
    {
      "cve": "CVE-2022-3970",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3970"
    },
    {
      "cve": "CVE-2022-40149",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40149"
    },
    {
      "cve": "CVE-2022-40150",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2022-40151",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40151"
    },
    {
      "cve": "CVE-2022-40152",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-40153",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40153"
    },
    {
      "cve": "CVE-2022-40303",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40303"
    },
    {
      "cve": "CVE-2022-40304",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40304"
    },
    {
      "cve": "CVE-2022-40307",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40307"
    },
    {
      "cve": "CVE-2022-40674",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40674"
    },
    {
      "cve": "CVE-2022-40768",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40768"
    },
    {
      "cve": "CVE-2022-40899",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40899"
    },
    {
      "cve": "CVE-2022-4095",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4095"
    },
    {
      "cve": "CVE-2022-41218",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41218"
    },
    {
      "cve": "CVE-2022-4129",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4129"
    },
    {
      "cve": "CVE-2022-4141",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4141"
    },
    {
      "cve": "CVE-2022-41717",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41717"
    },
    {
      "cve": "CVE-2022-41721",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41721"
    },
    {
      "cve": "CVE-2022-41848",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41848"
    },
    {
      "cve": "CVE-2022-41850",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41850"
    },
    {
      "cve": "CVE-2022-41854",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41854"
    },
    {
      "cve": "CVE-2022-41858",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41858"
    },
    {
      "cve": "CVE-2022-41881",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41881"
    },
    {
      "cve": "CVE-2022-41903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41903"
    },
    {
      "cve": "CVE-2022-41915",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41915"
    },
    {
      "cve": "CVE-2022-41966",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-41974",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41974"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-42004",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42010",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42010"
    },
    {
      "cve": "CVE-2022-42011",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42011"
    },
    {
      "cve": "CVE-2022-42012",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42012"
    },
    {
      "cve": "CVE-2022-42328",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42328"
    },
    {
      "cve": "CVE-2022-42329",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42329"
    },
    {
      "cve": "CVE-2022-42703",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42703"
    },
    {
      "cve": "CVE-2022-42889",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42889"
    },
    {
      "cve": "CVE-2022-42895",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42895"
    },
    {
      "cve": "CVE-2022-42896",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42896"
    },
    {
      "cve": "CVE-2022-42898",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42898"
    },
    {
      "cve": "CVE-2022-4292",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4292"
    },
    {
      "cve": "CVE-2022-4293",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4293"
    },
    {
      "cve": "CVE-2022-42969",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42969"
    },
    {
      "cve": "CVE-2022-4304",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4304"
    },
    {
      "cve": "CVE-2022-43552",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-43680",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43680"
    },
    {
      "cve": "CVE-2022-43750",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43750"
    },
    {
      "cve": "CVE-2022-4378",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4378"
    },
    {
      "cve": "CVE-2022-43945",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43945"
    },
    {
      "cve": "CVE-2022-43995",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43995"
    },
    {
      "cve": "CVE-2022-4415",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4415"
    },
    {
      "cve": "CVE-2022-4450",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4450"
    },
    {
      "cve": "CVE-2022-44638",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-44638"
    },
    {
      "cve": "CVE-2022-45061",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45061"
    },
    {
      "cve": "CVE-2022-45688",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2022-45884",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45884"
    },
    {
      "cve": "CVE-2022-45885",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45885"
    },
    {
      "cve": "CVE-2022-45886",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45886"
    },
    {
      "cve": "CVE-2022-45887",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45887"
    },
    {
      "cve": "CVE-2022-45919",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45919"
    },
    {
      "cve": "CVE-2022-45934",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45934"
    },
    {
      "cve": "CVE-2022-45939",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45939"
    },
    {
      "cve": "CVE-2022-4662",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4662"
    },
    {
      "cve": "CVE-2022-46751",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-46751"
    },
    {
      "cve": "CVE-2022-46908",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-46908"
    },
    {
      "cve": "CVE-2022-47629",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-47629"
    },
    {
      "cve": "CVE-2022-47929",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-47929"
    },
    {
      "cve": "CVE-2022-48281",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-48281"
    },
    {
      "cve": "CVE-2022-48337",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-48337"
    },
    {
      "cve": "CVE-2022-48339",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-48339"
    },
    {
      "cve": "CVE-2023-0045",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0045"
    },
    {
      "cve": "CVE-2023-0049",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0049"
    },
    {
      "cve": "CVE-2023-0051",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0051"
    },
    {
      "cve": "CVE-2023-0054",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0054"
    },
    {
      "cve": "CVE-2023-0215",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0215"
    },
    {
      "cve": "CVE-2023-0286",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0286"
    },
    {
      "cve": "CVE-2023-0288",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0288"
    },
    {
      "cve": "CVE-2023-0433",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0433"
    },
    {
      "cve": "CVE-2023-0464",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0464"
    },
    {
      "cve": "CVE-2023-0465",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0465"
    },
    {
      "cve": "CVE-2023-0466",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0466"
    },
    {
      "cve": "CVE-2023-0512",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0512"
    },
    {
      "cve": "CVE-2023-0590",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0590"
    },
    {
      "cve": "CVE-2023-0597",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0597"
    },
    {
      "cve": "CVE-2023-0833",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0833"
    },
    {
      "cve": "CVE-2023-1076",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1076"
    },
    {
      "cve": "CVE-2023-1095",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1095"
    },
    {
      "cve": "CVE-2023-1118",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1118"
    },
    {
      "cve": "CVE-2023-1127",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1127"
    },
    {
      "cve": "CVE-2023-1170",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1170"
    },
    {
      "cve": "CVE-2023-1175",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1175"
    },
    {
      "cve": "CVE-2023-1370",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-1380",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1380"
    },
    {
      "cve": "CVE-2023-1390",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1390"
    },
    {
      "cve": "CVE-2023-1436",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1436"
    },
    {
      "cve": "CVE-2023-1513",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1513"
    },
    {
      "cve": "CVE-2023-1611",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1611"
    },
    {
      "cve": "CVE-2023-1670",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1670"
    },
    {
      "cve": "CVE-2023-1855",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1855"
    },
    {
      "cve": "CVE-2023-1989",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1989"
    },
    {
      "cve": "CVE-2023-1990",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1990"
    },
    {
      "cve": "CVE-2023-1998",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1998"
    },
    {
      "cve": "CVE-2023-20862",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-20862"
    },
    {
      "cve": "CVE-2023-2124",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2124"
    },
    {
      "cve": "CVE-2023-2162",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2162"
    },
    {
      "cve": "CVE-2023-2176",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2176"
    },
    {
      "cve": "CVE-2023-21830",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21830"
    },
    {
      "cve": "CVE-2023-21835",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21835"
    },
    {
      "cve": "CVE-2023-21843",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21843"
    },
    {
      "cve": "CVE-2023-21930",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21930"
    },
    {
      "cve": "CVE-2023-21937",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21937"
    },
    {
      "cve": "CVE-2023-21938",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21938"
    },
    {
      "cve": "CVE-2023-21939",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21939"
    },
    {
      "cve": "CVE-2023-2194",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2194"
    },
    {
      "cve": "CVE-2023-21954",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21954"
    },
    {
      "cve": "CVE-2023-21967",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21967"
    },
    {
      "cve": "CVE-2023-21968",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21968"
    },
    {
      "cve": "CVE-2023-22490",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-22490"
    },
    {
      "cve": "CVE-2023-2253",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2253"
    },
    {
      "cve": "CVE-2023-22809",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-22809"
    },
    {
      "cve": "CVE-2023-23454",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23454"
    },
    {
      "cve": "CVE-2023-23455",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23455"
    },
    {
      "cve": "CVE-2023-23559",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23559"
    },
    {
      "cve": "CVE-2023-23916",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-23946",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23946"
    },
    {
      "cve": "CVE-2023-24329",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-24329"
    },
    {
      "cve": "CVE-2023-24532",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-24532"
    },
    {
      "cve": "CVE-2023-24534",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-24534"
    },
    {
      "cve": "CVE-2023-2483",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2483"
    },
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-2513",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2513"
    },
    {
      "cve": "CVE-2023-25193",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25193"
    },
    {
      "cve": "CVE-2023-25652",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25652"
    },
    {
      "cve": "CVE-2023-25690",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25690"
    },
    {
      "cve": "CVE-2023-25809",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25809"
    },
    {
      "cve": "CVE-2023-25815",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25815"
    },
    {
      "cve": "CVE-2023-26048",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-26048"
    },
    {
      "cve": "CVE-2023-26049",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-26049"
    },
    {
      "cve": "CVE-2023-2650",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2650"
    },
    {
      "cve": "CVE-2023-26545",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-26545"
    },
    {
      "cve": "CVE-2023-26604",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-26604"
    },
    {
      "cve": "CVE-2023-27533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27538",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    },
    {
      "cve": "CVE-2023-27561",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27561"
    },
    {
      "cve": "CVE-2023-2828",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2828"
    },
    {
      "cve": "CVE-2023-28320",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28320"
    },
    {
      "cve": "CVE-2023-28321",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28321"
    },
    {
      "cve": "CVE-2023-28322",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28322"
    },
    {
      "cve": "CVE-2023-28328",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28328"
    },
    {
      "cve": "CVE-2023-28464",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28464"
    },
    {
      "cve": "CVE-2023-28486",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28486"
    },
    {
      "cve": "CVE-2023-28487",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28487"
    },
    {
      "cve": "CVE-2023-28642",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28642"
    },
    {
      "cve": "CVE-2023-28772",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28772"
    },
    {
      "cve": "CVE-2023-28840",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28840"
    },
    {
      "cve": "CVE-2023-28841",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28841"
    },
    {
      "cve": "CVE-2023-28842",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28842"
    },
    {
      "cve": "CVE-2023-29007",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29007"
    },
    {
      "cve": "CVE-2023-29383",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29383"
    },
    {
      "cve": "CVE-2023-29402",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29402"
    },
    {
      "cve": "CVE-2023-29406",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29406"
    },
    {
      "cve": "CVE-2023-29409",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29409"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-30630",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-30630"
    },
    {
      "cve": "CVE-2023-30772",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-30772"
    },
    {
      "cve": "CVE-2023-31084",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-31084"
    },
    {
      "cve": "CVE-2023-3138",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-3138"
    },
    {
      "cve": "CVE-2023-31436",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-31436"
    },
    {
      "cve": "CVE-2023-31484",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-31484"
    },
    {
      "cve": "CVE-2023-32269",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-32269"
    },
    {
      "cve": "CVE-2023-32697",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-32697"
    },
    {
      "cve": "CVE-2023-33264",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-33264"
    },
    {
      "cve": "CVE-2023-34034",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34034"
    },
    {
      "cve": "CVE-2023-34035",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34035"
    },
    {
      "cve": "CVE-2023-34453",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34453"
    },
    {
      "cve": "CVE-2023-34454",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34454"
    },
    {
      "cve": "CVE-2023-34455",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34455"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2023-35116",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-3635",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-3635"
    },
    {
      "cve": "CVE-2023-36479",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-36479"
    },
    {
      "cve": "CVE-2023-39533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-39533"
    },
    {
      "cve": "CVE-2023-40167",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-40167"
    },
    {
      "cve": "CVE-2023-40217",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-40217"
    },
    {
      "cve": "CVE-2023-41105",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-41105"
    },
    {
      "cve": "CVE-2023-41900",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-41900"
    },
    {
      "cve": "CVE-2023-43642",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-43642"
    },
    {
      "cve": "CVE-2023-43804",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-43804"
    },
    {
      "cve": "CVE-2023-44487",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45803",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-45803"
    },
    {
      "cve": "CVE-2024-21626",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-21626"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-26048 (GCVE-0-2023-26048)

Tags

Sightings

Nomenclature